Feras Al-Kassar enferas

  • Jean Monnet University
  • Saint-Etienne, France
enferas / XSS_pfesense.md
Created Oct 2, 2022
XSS in pfsense v2.5.2
enferas / XSS_Cacti.md
Last active Sep 22, 2022
XSS vulnerability in Cacti
enferas / CVE-2022-34026.md
Created Sep 22, 2022
directory traversal in ICEcoder
enferas / header_injection_phpipam.md
Created Sep 22, 2022
Header injection (SSRF) vulnerability in phpipam

Header injection vulnerability in phpipam https://github.com/phpipam/phpipam version v1.5.0

The path of the vulnerability:

<?php
// In file https://github.com/phpipam/phpipam/blob/master/app/admin/subnets/ripe-query.php
// line 21
// the source is $_POST['subnet']
$res = $Subnets->resolve_ripe_arin ($_POST['subnet']);
enferas / CVE-2022-36747.md
Last active Sep 22, 2022
XSS vulnerability in Razor