Multiple Vulnerabilities #254
Comments
Hi, Sorry to be rude, but I have received many similar messages that all end up with me wasting a lot of time:
Plus your approach is odd. What do you mean by "multiple"? Why should I contact you to solve these vulnerabilities? It is an OSS, you should file an issue or contact me directly by email (or push a PR). So I am going to close this issue and ask you to provide facts and numbers.
Example of vulnerabilities:
#1 SQLi (enddate parameter)
csrf_test_jorani=0d1cad61640cc57dad8f244011bd7304&id=1&type=compensate&startdate=2018-08-02&enddate=2018-08-03'&startdatetype=Morning&enddatetype=Afternoon&leave_id=
POST /jorani/leaves/validate HTTP/1.1
csrf_test_jorani=0d1cad61640cc57dad8f244011bd7304&id=1&type=compensate&startdate=2018-08-02&enddate=2018-08-03''&startdatetype=Morning&enddatetype=Afternoon&leave_id=
#2 XSS (language parameter)
The XSS vulnerability you gave as an example causes a JavaScript error and the exploiter cannot log in, but no damage is done, no data is modified and the exploiter cannot elevate his privileges with this technique.
For the SQL injection I am not sure about what result you got. First, the exploiter needs:
Imagine that you connect to the demo: https://demo.jorani.org/ And then in the console you execute this code (you need to change the leave id so as to respect rule number 2):
It is impossible to get a 200 OK code with the payload of your POC for two reasons:
Hi,
Test XSS (view PoC - anti-csrf not necessary)
Go to --> localhost/session/language?last_page=session%2Flogin&language=en%22%3E%3Cscript%3Ealert(%27PoC%20CVE-2018-15917%27)%3C%2Fscript%3E&login=&CipheredValue=
Test SQLi
Confirmed by Exploit-DB (Need user)
Use sqlmap to exploit with parameters:
More info:
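
A defensive check for the two parameters discussed in this thread, as an added example that is not part of the issue or of Jorani's code: it validates `startdate`/`enddate` and `language` against strict allowlist formats, which works both as server-side input validation and as a filter when reviewing logged requests. The accepted formats (ISO `YYYY-MM-DD` dates, two-letter language codes with an optional region) and all function names are assumptions inferred from the requests quoted above.

```python
import re
from datetime import date
from urllib.parse import parse_qsl, urlsplit

# Assumed formats, inferred from the requests quoted in this thread.
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
LANG_RE = re.compile(r"[a-z]{2}(-[A-Z]{2})?")  # e.g. "en", "fr", "en-GB"
RULES = {"startdate": "date", "enddate": "date", "language": "lang"}


def is_valid(kind, value):
    """Strict allowlist check: the whole value must match, nothing may trail."""
    if kind == "date":
        if not DATE_RE.fullmatch(value):
            return False
        try:
            date.fromisoformat(value)  # rejects impossible dates like 2018-02-30
        except ValueError:
            return False
        return True
    return bool(LANG_RE.fullmatch(value))


def suspicious_params(query_or_body):
    """Return sorted names of known parameters whose decoded value fails its rule."""
    bad = set()
    for name, value in parse_qsl(query_or_body, keep_blank_values=True):
        kind = RULES.get(name)
        if kind and not is_valid(kind, value):
            bad.add(name)
    return sorted(bad)


# Sample inputs built from the requests quoted in this thread.
CLEAN_BODY = ("id=1&type=compensate&startdate=2018-08-02&enddate=2018-08-03"
              "&startdatetype=Morning&enddatetype=Afternoon&leave_id=")
QUOTED_BODY = CLEAN_BODY.replace("enddate=2018-08-03", "enddate=2018-08-03'")
LANG_URL = ("http://localhost/session/language?last_page=session%2Flogin"
            "&language=en%22%3E%3Cscript%3Ealert(%27PoC%20CVE-2018-15917%27)"
            "%3C%2Fscript%3E&login=&CipheredValue=")
LANG_QUERY = urlsplit(LANG_URL).query

if __name__ == "__main__":
    for label, data in [("clean", CLEAN_BODY), ("quote", QUOTED_BODY),
                        ("lang", LANG_QUERY)]:
        print(label, suspicious_params(data))
```

Format validation of this kind complements, and does not replace, parameterized queries and output encoding in the application itself.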
Hi, The latest stable version is still vulnerable to these vulnerabilities: https://github.com/bbalet/jorani/releases/download/v0.6.5/jorani-0.6.5.zip I advise you to create a new archive that no longer contains these vulnerabilities. Regards, abc
Hi,
The last version 0.6.5 has multiple critical vulnerabilities, please contact me to solve it.
Thank you!