If it hasn't been obvious from my latest round of posts, I've been trying to improve my bug hunting skills. Essentially, I've been finding applications with recently disclosed vulnerabilities, installing the current version, and then hunting for more vulnerabilities. My thinking is that if there's one recent bug, there are probably more.  At the very least, I should be able to find a cross site scripting vulnerability (XSS).

XSS is the equivalent of hacker graffiti, but if you can steal the session cookie, you can possibly turn that into session hijacking and/or cross site request forgery (CSRF). That makes things a little more interesting than just an alert message.

I saw a recently discovered vulnerability in Kimai, which is a time tracking application. I fired up Kimai on a server and started to poke around.

Read more: HttpOnly

Disclosure date:  08/19/19

CVE-2019-15230

LibreNMS v1.54 and possibly before are affected by numerous Cross Site Scripting vulnerabilities in the "Create User", "Inventory", "Add Device", "Notifications", "Alert Rule", "Create Maintenance", and "Alert Template" sections of the admin console. This could lead to cookie stealing and other malicious actions. These vulnerabilities can be exploited with an authenticated account.

Read more: LibreNMS v1.54 XSS

MyT Project Management 1.5.1 and possibly before are affected by a cross site scripting vulnerability that can be leveraged for session hijacking.  An attacker can leverage the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account.

Read more: MyT Project Management 1.5.1 XSS / Session Hijack

Disclosure date:  08/17/19

CVE-2019-15229

FuelCMS 1.4.4 and possibly before are affected by a Cross Site Request Forgery vulnerability in the Create Blocks section of the Admin console.  This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Read more: FuelCMS 1.4.4 CSRF

Disclosure date:  8/19/19

CVE-2019-15496

MyT Project Management 1.5.1 and possibly before are affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection.  This could lead to an attacker tricking the administrator into executing arbitrary code via a specially crafted HTML page.

Read more: MyT Project Management 1.5.1 CSRF

Disclosure date:  08/17/19

CVE-2019-15228

FuelCMS 1.4.4 and possibly before are affected by a Cross Site Scripting vulnerability in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors.

Read more: FuelCMS 1.4.4 XSS