DB: 2024-08-24

4 changes to exploits/shellcodes/ghdb

Calibre-web 0.6.21 - Stored XSS

Helpdeskz v2.0.2 - Stored XSS
Exploit-DB 2024-08-24 00:16:35 +00:00
parent 507bd26e3e
commit 809d81619e
4 changed files with 76 additions and 0 deletions

@ -0,0 +1,21 @@
# Exploit Title: Stored XSS in Calibre-web
# Date: 07/05/2024
# Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)
# Vendor Homepage: (https://github.com/janeczku/calibre-web/)
# Version: 0.6.21 - Romesa
# Tested on: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4
# CVE: CVE-2024-39123
## Vulnerability Description
Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
## Steps to Reproduce
1. Log in to the application.
2. Upload a new book.
3. Access the Books List functionality from the `/table?data=list&sort_param=stored` endpoint.
4. In the `Comments` field, input the following payload:
<a href=javas%1Bcript:alert()>Hello there!</a>
4. Save the changes.
5. Upon clicking the description on the book that was created, in the Book Details, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.
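
Review bot: The reproduction steps are misnumbered: both "4. In the `Comments` field, input the following payload:" and "4. Save the changes." carry the number 4, so the list reads 1, 2, 3, 4, 4, 5 and the last two steps should be 5 and 6. In the header, `# Date: 07/05/2024` can be read as 7 May or 5 July; a spelled-out month, as in the `08 Aug 2024` used by the other write-up in this commit, removes the ambiguity. The text also stops at the alert box and names no fixed release or mitigation for CVE-2024-39123; one closing line stating the upgrade target, or that the stored `Comments` value needs its link schemes sanitised before it is shown in Book Details, would give defenders something to act on.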

@ -0,0 +1,29 @@
# Exploit Title: Stored XSS Vulnerability via File Name
# Google Dork: N/A
# Date: 08 Aug 2024
# Exploit Author: Md. Sadikul Islam
# Vendor Homepage: https://www.helpdeskz.com/
# Software Link:
https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip
# Version: v2.0.2
# Tested on: Kali Linux / Firefox 115.1.0esr (64-bit)
# CVE : N/A
Payload: "><img src=x onerror=alert(1);>
Filename can be Payload: "><img src=x onerror=alert(1);>.jpg
VIdeo PoC:
https://drive.google.com/file/d/1_yh0UsX8h7YcSU1kFvg_bBwk9T7kx1K1/view?usp=drive_link
Steps to Reproduce:
1. Log in as a regular user and create a new ticket.
2. Fill out all the required fields with the necessary information.
3. Attach an image file with a malicious payload embedded in the
filename.
4. Submit the ticket.
5. Access the ticket from the administration panel to trigger the
payload execution.
Cross-Site Scripting (XSS) exploits can compromise the administration
panel, directly affecting administrators by allowing malicious scripts to
execute within their privileged environment.
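
Review bot: The header block breaks its own `# Key: value` pattern at `# Software Link:`, where the URL is wrapped onto the next line without a leading `#`, and the evidence rests on the `VIdeo PoC:` Google Drive link, which its owner can delete or restrict at any time. Put the software URL on the same line as its key, fix `VIdeo` to `Video`, and name in step 5 which administration view prints the attachment filename, so the entry still stands if the video disappears. "Filename can be Payload:" repeats the line above it with `.jpg` appended; one line giving the filename is enough. The impact paragraph would be more useful with the matching remediation, namely HTML-encoding the attachment filename wherever the ticket is displayed.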

@ -11754,6 +11754,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
48791,exploits/multiple/webapps/48791.txt,"Cabot 0.11.12 - Persistent Cross-Site Scripting",2020-09-07,"Abhiram V",webapps,multiple,,2020-09-07,2020-09-07,0,,,,,, 48791,exploits/multiple/webapps/48791.txt,"Cabot 0.11.12 - Persistent Cross-Site Scripting",2020-09-07,"Abhiram V",webapps,multiple,,2020-09-07,2020-09-07,0,,,,,,
48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py 48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py
48145,exploits/multiple/webapps/48145.py,"Cacti 1.2.8 - Unauthenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py 48145,exploits/multiple/webapps/48145.py,"Cacti 1.2.8 - Unauthenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py
52067,exploits/multiple/webapps/52067.txt,"Calibre-web 0.6.21 - Stored XSS",2024-08-23,"Catalin Iovita_ Alexandru Postolache",webapps,multiple,,2024-08-23,2024-08-23,0,,,,,,
18430,exploits/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 - SQL Injection",2012-01-30,"Craig Freyman",webapps,multiple,,2012-01-30,2012-01-30,0,OSVDB-78888,,,,, 18430,exploits/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 - SQL Injection",2012-01-30,"Craig Freyman",webapps,multiple,,2012-01-30,2012-01-30,0,OSVDB-78888,,,,,
18247,exploits/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection",2011-12-16,"D1rt3 Dud3",webapps,multiple,,2011-12-16,2011-12-16,1,OSVDB-77998;CVE-2011-5031,,,,, 18247,exploits/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection",2011-12-16,"D1rt3 Dud3",webapps,multiple,,2011-12-16,2011-12-16,1,OSVDB-77998;CVE-2011-5031,,,,,
50792,exploits/multiple/webapps/50792.go,"Casdoor 1.13.0 - SQL Injection (Unauthenticated)",2022-02-28,"Mayank Deshmukh",webapps,multiple,,2022-02-28,2022-02-28,0,CVE-2022-24124,,,,, 50792,exploits/multiple/webapps/50792.go,"Casdoor 1.13.0 - SQL Injection (Unauthenticated)",2022-02-28,"Mayank Deshmukh",webapps,multiple,,2022-02-28,2022-02-28,0,CVE-2022-24124,,,,,
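
Review bot: The added row 52067 has no CVE recorded: it ends `2024-08-23,2024-08-23,0,,,,,,`, while the Calibre-web write-up added in this same commit states `# CVE: CVE-2024-39123` and the neighbouring row 48144 carries its identifier directly after the `0` (`0,CVE-2020-8813,`). Fill that field so the entry can be found by CVE lookup. The author value "Catalin Iovita_ Alexandru Postolache" also looks like a substituted separator; the write-up credits "Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)", and since the field is already quoted a comma or ampersand would be safe to keep.
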
@ -19615,6 +19616,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
10788,exploits/php/webapps/10788.txt,"Helpdesk Pilot Knowledge Base 4.4.0 - SQL Injection",2009-12-29,kaMtiEz,webapps,php,,2009-12-28,,1,,,,,, 10788,exploits/php/webapps/10788.txt,"Helpdesk Pilot Knowledge Base 4.4.0 - SQL Injection",2009-12-29,kaMtiEz,webapps,php,,2009-12-28,,1,,,,,,
40300,exploits/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Arbitrary File Upload",2016-08-29,"Lars Morgenroth",webapps,php,80,2016-08-29,2020-05-26,0,,,,,http://www.exploit-db.comHelpDeskZ-1.0-master.zip, 40300,exploits/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Arbitrary File Upload",2016-08-29,"Lars Morgenroth",webapps,php,80,2016-08-29,2020-05-26,0,,,,,http://www.exploit-db.comHelpDeskZ-1.0-master.zip,
41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php,,2017-01-30,2017-01-31,1,,,,http://www.exploit-db.com/screenshots/idlt41500/screen-shot-2017-01-30-at-222713.png,http://www.exploit-db.comHelpDeskZ-1.0-master.zip, 41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php,,2017-01-30,2017-01-31,1,,,,http://www.exploit-db.com/screenshots/idlt41500/screen-shot-2017-01-30-at-222713.png,http://www.exploit-db.comHelpDeskZ-1.0-master.zip,
52068,exploits/php/webapps/52068.txt,"Helpdeskz v2.0.2 - Stored XSS",2024-08-23,"Md. Sadikul Islam",webapps,php,,2024-08-23,2024-08-23,0,,,,,,
45847,exploits/php/webapps/45847.txt,"Helpdezk 1.1.1 - 'query' SQL Injection",2018-11-14,"Ihsan Sencan",webapps,php,80,2018-11-14,2018-11-14,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comhelpdezk-1.1.1.zip, 45847,exploits/php/webapps/45847.txt,"Helpdezk 1.1.1 - 'query' SQL Injection",2018-11-14,"Ihsan Sencan",webapps,php,80,2018-11-14,2018-11-14,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comhelpdezk-1.1.1.zip,
45882,exploits/php/webapps/45882.txt,"Helpdezk 1.1.1 - Arbitrary File Upload",2018-11-16,"Ihsan Sencan",webapps,php,80,2018-11-16,2018-11-20,0,,,,,, 45882,exploits/php/webapps/45882.txt,"Helpdezk 1.1.1 - Arbitrary File Upload",2018-11-16,"Ihsan Sencan",webapps,php,80,2018-11-16,2018-11-20,0,,,,,,
41824,exploits/php/webapps/41824.txt,"HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution",2017-04-05,rungga_reksya,webapps,php,,2017-04-06,2017-04-06,0,CVE-2017-7447;CVE-2017-7446,,,,http://www.exploit-db.comhelpdezk-1.1.1.zip, 41824,exploits/php/webapps/41824.txt,"HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution",2017-04-05,rungga_reksya,webapps,php,,2017-04-06,2017-04-06,0,CVE-2017-7447;CVE-2017-7446,,,,http://www.exploit-db.comhelpdezk-1.1.1.zip,
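
Review bot: The description in the added row 52068, "Helpdeskz v2.0.2 - Stored XSS", does not follow the rows for the same product two lines above it, which write "HelpDeskZ 1.0.2" with that casing and no `v` prefix. Matching the existing spelling and version style keeps name-based searches returning all of the product's entries together. The description also drops the vector that the write-up's own title gives ("Stored XSS Vulnerability via File Name"); neighbouring rows include that kind of detail (for example "'query' SQL Injection"), and adding it here would tell a reader which input to check without opening the file.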

@ -60756,6 +60756,18 @@ Sajan Dhakate
<date>2020-10-19</date> <date>2020-10-19</date>
<author>Sajan Dhakate</author> <author>Sajan Dhakate</author>
</entry> </entry>
<entry>
<id>8452</id>
<link>https://www.exploit-db.com/ghdb/8452</link>
<category>Files Containing Passwords</category>
<shortDescription>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</shortDescription>
<textualDescription>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</textualDescription>
<query>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</query>
<querystring>https://www.google.com/search?q=ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</querystring>
<edb></edb>
<date>2024-08-23</date>
<author>kstrawn0</author>
</entry>
<entry> <entry>
<id>1239</id> <id>1239</id>
<link>https://www.exploit-db.com/ghdb/1239</link> <link>https://www.exploit-db.com/ghdb/1239</link>
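
Review bot: In the added entry 8452, `<textualDescription>` is a verbatim copy of `<query>` and `<shortDescription>`, so the entry never says what the search surfaces or why it matters. Replace it with a sentence of description, for example that it matches indexed files with the `.nix` extension that contain an OpenSSH private key header, which is what someone auditing their own published configuration needs to know. The category "Files Containing Passwords" is also a loose fit for key material; if the category list has a closer match, use it.
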
@ -65035,6 +65047,18 @@ See also: http://www.elladodelmal.com/2017/02/cloudshark-tus-credenciales-en-las
<date>2021-11-15</date> <date>2021-11-15</date>
<author>Anirudh Kumar Kushwaha</author> <author>Anirudh Kumar Kushwaha</author>
</entry> </entry>
<entry>
<id>8451</id>
<link>https://www.exploit-db.com/ghdb/8451</link>
<category>Files Containing Passwords</category>
<shortDescription>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</shortDescription>
<textualDescription>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</textualDescription>
<query>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</query>
<querystring>https://www.google.com/search?q=site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</querystring>
<edb></edb>
<date>2024-08-23</date>
<author>kstrawn0</author>
</entry>
<entry> <entry>
<id>4299</id> <id>4299</id>
<link>https://www.exploit-db.com/ghdb/4299</link> <link>https://www.exploit-db.com/ghdb/4299</link>
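
Review bot: The `<querystring>` value in the added entry 8451 is not a well-formed URL: it has a raw space between `site:github.com` and the quoted phrase, and the quotes are present only as `&quot;` entities, so a consumer that unescapes the XML and uses the link directly gets unencoded spaces and quotes. Percent-encode the query part (`%20` for the spaces, `%22` for the quotes); the same applies to the `<querystring>` of entry 8452 in the previous hunk. `<edb></edb>` is left empty in both new entries; if that is intentional, a self-closing element would make it clearer that nothing was omitted.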