Abdulwahab ipxsec
ipxsec / Solvait PrivEsc.md
Last active October 2, 2024 20:53
Solvait PrivEsc

Improper Access Control in Leaves Requests

Description:

A security flaw has been discovered in Solvait version 24.4.2 that allows an attacker to elevate their privileges. By manipulating the Request ID and Action Type parameters in the /AssignToMe/SetAction request, an attacker can alter the approval status of any request submitted by a regular employee. The approval status will appear as if it was changed by the employee's manager. This vulnerability affects all employees using this version of the software within the company.

Impact

The vulnerability enables an attacker to gain unauthorized privileges by manipulating request parameters. As a result, the attacker can bypass approval workflows, potentially leading to unauthorized access to sensitive information or approval of fraudulent requests. This issue compromises the integrity of the approval process and can significantly undermine trust in the system's security.
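
The missing check described above, as an added example that is not part of the original gist and is not Solvait's code: a hypothetical Python model of a `SetAction`-style handler, with the flawed form beside one that authorizes against the session identity. All class, function and field names, the action values and the sample data are assumptions.

```python
from dataclasses import dataclass

# Hypothetical action types and resulting statuses (assumption, not Solvait's values).
ACTIONS = {"approve": "approved", "reject": "rejected"}

class Forbidden(Exception):
    """The caller may not act on this request."""

@dataclass
class LeaveRequest:
    request_id: int
    owner: str            # employee who submitted the request
    approver: str         # manager assigned to decide it
    status: str = "pending"
    decided_by: str = ""

def sample_requests():
    """Constructed sample data."""
    return {
        101: LeaveRequest(101, owner="alice", approver="mgr_bob"),
        102: LeaveRequest(102, owner="carol", approver="mgr_dan"),
    }

def set_action_vulnerable(requests, session_user, request_id, action_type):
    """Flawed form: trusts the client-supplied request ID, ignores session_user."""
    req = requests[request_id]
    req.status = ACTIONS.get(action_type, action_type)
    req.decided_by = req.approver   # recorded as the manager, whoever sent it
    return req

def set_action_hardened(requests, session_user, request_id, action_type):
    """Object-level authorization: the session user must be the assigned approver."""
    req = requests.get(request_id)
    # Same error for "no such request" and "not yours", so IDs cannot be probed.
    if req is None or req.approver != session_user:
        raise Forbidden("not the approver for this request")
    if action_type not in ACTIONS:
        raise ValueError("unknown action type")
    if req.status != "pending":
        raise Forbidden("request already decided")
    req.status = ACTIONS[action_type]
    req.decided_by = session_user   # audit trail comes from the session
    return req
```
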

Vulnerability path:

ipxsec / Solvait SXSS.md
Last active August 21, 2024 10:01
Solvait Stored XSS

Stored XSS

Description:

A stored Cross-Site Scripting (XSS) vulnerability in Solvait version 24.4.2 allows remote attackers to inject malicious scripts into the application. The issue arises from insufficient input validation and sanitization in the "Intrest" feature, which permits user-supplied input to be saved and later rendered as part of the web application's content.

Impact

An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of the victim's browser session.

User Enumeration

Description:

An issue in ZKTeco BioTime v.8.5.4 allows a remote attacker to obtain sensitive information.

Impact

An attacker can perform a brute-force attack with common usernames, or may use census data of common last names and append each letter of the alphabet to generate valid username lists.

Vulnerability path:

ipxsec / CVE-2023-51141.md
Last active August 20, 2024 11:33
CVE-2023-51141

Information Disclosure - Internal Users

Description:

ZKTeco BioTime v.8.5.4 contains an affected endpoint that discloses employee data (name, employment ID, photo, etc.) and can be accessed without authentication and authorization checks.

Impact

An attacker might use the disclosed information to gain a greater understanding of the systems and the employees and potentially develop further attacks targeted at the organization, e.g. the attacker might use the employees' usernames and IDs to gain access to different employees-only systems. The attacker can also leak this information to the internet.

Vulnerability path: