Victor Chibotaru

Results: 6 issues by Victor Chibotaru

Hello, I have discovered a piece of code vulnerable to Path Traversal attacks (https://www.owasp.org/index.php/Path_Traversal). In short, the attacker might be able to read arbitrary files from the server. I don't...

I found an XSS (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) vulnerability in the explore endpoint. Proof of concept: ![xss](https://user-images.githubusercontent.com/3976878/48503704-2110c480-e843-11e8-8d5a-ba73449fb7dc.png) Please consider my quick fix for it.

Hello, I noticed several [SQL Injections](https://www.owasp.org/index.php/SQL_Injection) in Server/database.py. For example: https://github.com/sharadbhat/VideoHub/blob/dcc33083863b85f908bc8dab720e34c44d5fddad/Server/database.py#L28 The issue here is that the unsanitized username is used to build an SQL query, which then gets executed....

Hey, I noticed that code in line 162 of browser/views.py (https://github.com/mgymrek/pybamview/blob/719c4251769510260d29287074845650b399a3d0/pybamview/browser/views.py#L162) is vulnerable to Remote Code Execution (https://en.wikipedia.org/wiki/Arbitrary_code_execution). The user input flows from the filename field of the HTML form...

Hey, I noticed a possible XSS (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) vulnerability in line: https://github.com/kylewm/silo.pub/blob/46aece85f8918f56ed75f1e11b544c10f70a17fc/silopub/micropub.py#L107 Unsanitized user input gets into flask.make_response() and then into the user's browser. This opens a possibility for the attacker to...

Hey, I noticed a possible XSS (https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)) vulnerability in line: https://github.com/kylewm/woodwind/blob/82fc01dbf489185feda2e7c2037c76d1f44f4b85/woodwind/push.py#L40 Unsanitized user input gets into flask.make_response() and then into the user's browser. This opens a possibility for the attacker to...