NinjaGPT
# Summary The latest version (v3.3.4) of xboot allows unauthenticated access to both Spring Boot Admin and Spring Actuator, resulting in the exposure of extensive server configuration information and environment...
# Summary The endpoint "/xboot/upload/file" allows attackers to upload malicious files with arbitrary extensions, potentially creating attack vectors for stored Cross-Site Scripting (XSS) and even Remote Code Execution (RCE) attacks. #...
# Summary An SSRF vulnerability was discovered on the endpoint /xboot/common/swagger/login in the latest version (v3.3.4) of xboot. The target URI parameter for network requests is user-controllable and lacks sufficient security...
# Summary In the latest version (v3.3.4) of xboot, there are security flaws in the cookie design. Sensitive user information including uid, username, nickname, mobile, email, address, sex, avatar URL,...
# Summary A logic vulnerability exists on the endpoint /admin/config/express, where logistics costs can be set to negative values, resulting in economic losses. # POC ``` POST /admin/config/express HTTP/1.1 Host:...
# Summary The endpoint /admin/storage/create allows an attacker to upload arbitrary file types without sanitization, which leads to Stored XSS and even RCE. # Details - litemall-admin-api/src/main/java/org/linlinjava/litemall/admin/web/AdminStorageController.java ``` @RequiresPermissions("admin:storage:create") @RequiresPermissionsDesc(menu = {"系统管理",...
## Summary An SSRF vulnerability was discovered on the endpoint /server/checkConnectivity in the latest version of PowerJob. The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting...
# Summary An SSRF vulnerability was discovered on /collect/getCollectLogoUrl in the latest version (v1.3.0) of favorites-web. The target URI parameter for network requests is user-controllable and lacks sufficient security processing, resulting...
# Summary A user-controlled img src allows loading untrusted frames, enabling internal service probing and information gathering, and content manipulation within trusted contexts. # POC
# Summary In the frontend blog article comment functionality, the verification code does not automatically refresh, making it reusable. Attackers can exploit this vulnerability to submit massive amounts of comments,...