Code Injection in trentm/json

✍️ Description json is a 'json' command tool for massaging and processing JSON on the command line. Affected versions of this package are vulnerable to Arbitrary Code Injection via the -d argument. 🕵️‍♂️ Proof of Concept curl -sL 'https://api.github.com/repos/joyent/node/issues?state=open' |...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description The forkcms is vulnerable to XSS through adding new media. 🕵️‍♂️ Proof of Concept Payload: . 1. With an authenticated user, access: http://localhost/private/en/medialibrary/mediaitemindex. 2. Select the option Online movies Youtube, Vimeo, ... and click on Next. 3. Select any source...

Cross-site Scripting (XSS) - Stored in harish81/digidocu

✍️ Description DigiDocu is a CMS written in PHP using Laravel Framework. Laravel uses Blade templating engine which sanitizes the HTML by default. But DigiDocu is trying to render some HTML content without validating the input that comes from the user's profile ie. users can write some HTML using...

Server-Side Request Forgery (SSRF) in frenchbread/private-ip

✍️ Description Private-ip is an NPM module that is used to check if the input IP address is private or not, so as to prevent SSRF attacks. It has 12k downloads every week on NPM However, I found that by crafting a malicious IP, an attacker can easily bypass this check. 🕵️‍♂️ Proof of Concept First...

Path Traversal in mailtrain-org/mailtrain

✍️ Description A path traversal also known as directory traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application. This might include application code and data, credentials for back-end systems, and sensitive operating...

Code Injection in flitbit/json-ptr

✍️ Description json-ptr is a complete implementation of JSON Pointer RFC 6901 for nodejs and modern browsers. JsonPointer.get that is designed to get the target object's value at the pointer's location is vulnerable to arbitrary code injection and exection, mainly due to the lack of sanitizing for...

Cross-Site Request Forgery (CSRF) in thewawar/simple-http-server

✍️ Description The 'upload' feature in simple-http-server is vulnerable to cross-site request forgery, it doesn't authenticate the user and just uploads the files which are given to it. If upload feature is enabled, it can allow attackers to craft web pages and if victims interact with attackers'...

Prototype Pollution in silentmatt/expr-eval

✍️ Description With speficific input attckers can define properties on prototype, which will lead to prototype pollution. Need node version=12.0.0, which introduce Object.fromEntries 🕵️‍♂️ Proof of Concept // PoC.js const Parser = require'expr-eval'; const o = ; console.log"o.a=", o.a; // o.a=...

Code Injection in storybookjs/telejson

✍️ Description telejson is a library for teleporting rich data to another place. The telejson.reviver which is used to parse string data back to json structure can be abused to execute arbitrary code when the lazyEval option is set to false i.e., disabled. The root cause is the attackers can...

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-end" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-end p1-end & p2-end end XSS...

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS allows remote attackers to inject JavaScript via the "p0-start" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable Parameter: p0-start p1-start & p2-start...

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtererclient" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

Cross-site Scripting (XSS) - Generic in bigprof-software/online-invoicing-system

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "filtereritem" Parameter 🕵️‍♂️ Proof of Concept You can find installation instructions here: https://bigprof.com/appgini/applications/online-invoicing-system Vulnerable...

Code Injection in donmccurdy/expression-eval

✍️ Description Althrough we have decleared in the README.MD that do not use this package with user-provided inputs, but after i exam some project with this project, i found that many developers still use in that way, which may lead to some serious security problem. So I think that we still need to...

Cross-site Scripting (XSS) - Generic in maxsite/cms

✍️ Description Cross-site scripting also known as XSS is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishontime" Parameter 🕵️‍♂️ Proof of Concept Vulnerable Parameter: publishontime XSS payload: 17:59'"&%alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "publishondate" Parameter 🕵️‍♂️ Proof of Concept Vulnerable parameter: publishondate XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2-...

Cross-site Scripting (XSS) - Generic in forkcms/library

✍️ Description Please enter a description of the vulnerability. Submitted values weren't escaped in case of date, time or hidden fields. This made it possible to perform an XSS attack by URL tampering 🕵️‍♂️ Proof of Concept Find a Spoon Form where there is a date, time or hidden field and pass...

Cross-site Scripting (XSS) - Stored in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "startdate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

Cross-site Scripting (XSS) - Generic in forkcms/forkcms

✍️ Description A cross-site scripting XSS issue in the Fork version 5.9.3 allows remote attackers to inject JavaScript via the "enddate" Parameter 🕵️‍♂️ Proof of Concept XSS payload: '"%26%25alert1 Steps to reproduce issue 1- Login to Fork admin panel 2- Goto Modules=Formbuilder 3- Turn on Burp...

Open Redirect in forkcms/forkcms

✍️ Description The forkcms is vulnerable to Open Redirect through invalid characters in the URL path. 🕵️‍♂️ Proof of Concept With an authenticated user, access: http://localhost/private/en/authentication?querystring=/%01/effectrenan.com 💥 Impact This vulnerability allows attackers to fool victims...

Open Redirect in forkcms/forkcms

✍️ Description Open redirect is a security flaw in an app or a web page that causes it to fail to properly authenticate URLs. When apps and web pages have requests for URLs, they are supposed to verify that those URLs are part of the intended page’s domain. Open redirect is a failure in that...

Command Injection in yibn2008/find-process

✍️ Description find-process is vulnerable to Command Injection through the find function. This function is capable to get information about running processes by PID number, port number or a string value. 🕵️‍♂️ Proof of Concept // PoC.js const find = require'find-process'; const command = "$touch...

Prototype Pollution in aheckmann/mquery

✍️ Description mquery is aware of the risk of prototype pollution in its exported functions cloneObject and merge and readily present protection by checking the key in var specialProperties = 'proto', 'constructor', 'prototype'. However, the current protection misses to protect another exported...

Prototype Pollution in automattic/mongoose

✍️ Description Mongoose is a MongoDB object modeling tool designed to work in an asynchronous environment. Mongoose supports both promises and callbacks. mongoose.Schema is subject to prototype pollution due to the recursively calling of Schema.prototype.add function to add new items into the...

Cross-site Scripting (XSS) - Generic in blackcatdevelopment/blackcatcms

✍️ Description 'Display name' Cross Site Scripting XSS 🕵️‍♂️ Proof of Concept 1. To exploit this vulnerability an attacker has a login in the admin panel and clicks on the admin profile button. Then use " onmouseover=alert1 " this XSS payload on Display name field and click on the Save button. 2...

Prototype Pollution in automattic/cli-table

Description Prototype Pollution in cli-table Proof of Concept 1. Create the following PoC file: // poc.js var cliTable = require"cli-table" const payload = JSON.parse'"proto":"polluted":"Yes! Its Polluted"'; var obj = console.log"Before : " + .polluted; cliTablepayload; console.log"After : " +...

Code Injection in prayag2/konsave

✍️ Description konsave is a CLI program that will let you save and apply your KDE Plasma customizations with just one command , which is vulnerable to YAML deserialization attack caused by unsafe loading leads to Arbitary Code Execution. 🕵️‍♂️ Proof of Concept Installation bash pip install konsave...

Code Injection in antoinestudio/dok

✍️ Description Dok is a documentation tool/system that converts an architecture of folders and files into a static website that anyone can explore. It can be seen as a personal assistant, it invites you to write, organize and then publish your personal knowledge online. , which is vulnerable to...

Command Injection in azure/ms-rest-nodeauth

✍️ Description the core function execAz which is purposely used for az command can be injected with arbitrary other OS commands. Also the attackers can exploit this vulnerability by calling AzureCliCredentials.setDefaultSubscription"OS command" from the Azure CLI. 🕵️‍♂️ Proof of Concept // PoC.js...

Command Injection in facebook/create-react-app

description react-dev-utils includes some utilities used by Create React App. The function getProcessForPort in react-dev-utils is vulnerable to command injection. PoC Create a .js file with the content below and run it, then the file pzhou@shu can be illegally created. var getProcessForPort =...

Code Injection in jeikeilim/kindle

Description Kindle is an easy model build package for PyTorch. Building a deep learning model became so simple that almost all model can be made by copy and paste from other existing model codes, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization atta...

Code Injection in sodadata/soda-sql

Description soda-sql Metric collection, data testing and monitoring for SQL accessible data, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install soda-sql Run exploit.py...

Cross-site Scripting (XSS) - Generic in cmason3/jinjafx

:book: Description JinjaFx is a Templating Tool that uses Jinja2 as the templating engine. It is written in Python and is extremely lightweight and hopefully simple - it doesn't require any Python modules that aren't in the base install, with the exception of jinja2 for obvious reasons, this...

Code Injection in vitessio/arewefastyet

:book: Description arewefastyet Nightly Benchmarks Project, this package is vulnerable for arbitaryCodeexecution https://github.com/cmason3/jinjafx :recycle: Steps To Reproduce-: 0 git clone http://github.com/vitessio/arewefastyet 1 run as in poc.png :telescope: POC 💥 Impact Arbitary code executi...

Path Traversal in mucommander/mucommander

:book: Description mucommander A lightweight, cross-platform file manager with a dual-pane interface. This package is vulnerable for zip-slip. https://github.com/mucommander/mucommander https://www.mucommander.com/ :recycle: Steps To Reproduce-: 0 download and run latest release from...

Code Injection in dimodimchev/access-control

Description Access-Control package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os os.system'git clone...

Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager

:book: Description TinyFileManager is web based file manager and it is a simple, fast and small file manager with a single file, multi-language ready web application for storing, uploading, editing and managing files and folders online via web browser. The Application runs on PHP 5.5+, It allows...

Code Injection in xdf8/deepfriedbot

Description DeepFriedBot is a telegram bot that sends random deep fried memes, package is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept python import os os.system'https://github.com/xdf8/DeepFriedBot'...

Code Injection in ngockhanh5110/nlp-vietnamese-text-summarization

Description nlp-vietnamese-text-summarization package is vulnerable to Arbitary Code Execution due to insecure yaml desearilization. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept steps to reproduce: python import os...

Server-Side Request Forgery (SSRF) in sebhildebrandt/systeminformation

Description systeminformation package is vulnerable to Server-side request forgery. It allows attackers to abuse of @ to make requests to a different domain or possibility to applications that are not publicly exposed through http://[email protected]:8080. Proof of Concept javascript cons...

Code Injection in adobe/ops-cli

Description ops-cli is a wrapper for Terraform, Ansible, Helmfile and SSH for cloud automation , which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install ops-cli Run exploit.py...

Cross-site Scripting (XSS) - Generic in ciur/papermerge-js

Description Papermerge is an open source document management system DMS primarily designed for archiving and retrieving your digital documents. Instead of having piles of paper documents all over your desk, office or drawers - you can quickly scan them and configure your scanner to directly uploa...

Prototype Pollution in trenskow/keyd

Description keyd is vulnerable to Prototype Pollution. This package fails to restrict access to prototypes of objects, allowing for modification of prototype behavior using a proto payload, which may result in Sensitive Information Disclosure/Denial of ServiceDoS/Remote Code Execution. Proof of...

Code Injection in adobe/himl

Description himl is a hierarchical config using yaml in Python, which is vulnerable to Arbitary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip install himl Run exploit.py import os os.system'pip install himl...

Code Injection in heartexlabs/label-studio

Description Label Studio is a swiss army knife of data labeling and annotation tools which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash pip3 install label-studio Run exploit.py impor...

Code Injection in unix121/i3wm-themer

Description i3wm-themer is the theme collection manager for i3-wm which is vulnerable to Arbitrary Code Execution. Vulnerability Vulnerable to YAML deserialization attack caused by unsafe loading. Proof of Concept Installation bash git clone https://github.com/unix121/i3wm-themer cd i3wm-themer/...

Prototype Pollution in elcharitas/js-dot

Description Prototype Pollution in js-dot Proof of Concept 1. Create the following PoC file: // poc.js var jsDot = require"js-dot" var obj = console.log"Before : " + .polluted; jsDot.setobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following commands ...

Prototype Pollution in allain/propper

Description Prototype Pollution in propper Proof of Concept 1. Create the following PoC file: // poc.js var propper = require"propper" var obj = console.log"Before : " + .polluted; propperobj,"proto.polluted","Yes! Its Polluted"; console.log"After : " + .polluted; 2. Execute the following command...

Command Injection in sebhildebrandt/systeminformation

Description systeminformation is vulnerable to Command Injection vulnerability. It is possible to send an array containing OS commands, which bypass the filters. Proof of Concept 1. Create a Javascript file with the content below: javascript const si = require'systeminformation'; const command =...