“Freelancer Office” by gitbench privilege escalation vulnerability

Working together with Digital Security Alliance, filling a request to do penetration testing through clients infrastructure, we found privilege escalation vulnerability in “Freelancer Office” by gitbench. The exploit affects all versions above 1.7 (including current release) and can be done in less than 2 minutes, with browser as the only required tool. Simple Google Dork due to scripts copyright allowed us to find hundreds of vulnerable targets within seconds. All of the targets confirmed that the issue indeed isn’t a false positive. Informing both the author gitbench (via wm@gitbench.com – William Mandai) and distributor Envato, CodeCanyon (via their support channel) is without

Continue Reading