From c0676d0ecf84f7c1dc56b7e1571e2c914a622ae0 Mon Sep 17 00:00:00 2001 From: Offensive Security Date: Wed, 1 May 2019 12:01:09 +0000 Subject: [PATCH] DB: 2019-05-01 2 changes to exploits/shellcodes CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting --- exploits/linux/webapps/46784.txt | 18 ++++++++++++++++++ exploits/php/webapps/34589.txt | 2 +- files_exploits.csv | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 exploits/linux/webapps/46784.txt diff --git a/exploits/linux/webapps/46784.txt b/exploits/linux/webapps/46784.txt new file mode 100644 index 000000000..993276d34 --- /dev/null +++ b/exploits/linux/webapps/46784.txt @@ -0,0 +1,18 @@ +# Exploit Title: CentOS Web Panel - Domain Field (Add DNS Zone) Cross-Site Scripting Vulnerability +# Google Dork: N/A +# Date: 22 - April - 2019 +# Exploit Author: DKM +# Vendor Homepage: http://centos-webpanel.com +# Software Link: http://centos-webpanel.com +# Version: v0.9.8.793 (Free), v0.9.8.753 (Pro) and 0.9.8.807 (Pro) +# Tested on: CentOS 7 +# CVE : CVE-2019-11429 + +# Description: +CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen. + +# Steps to Reproduce: +1. Login into the CentOS Web Panel using admin credential. +2. From Navigation Click on "DNS Functions" > "Add DNS Zone" +3. In "Domain" field give simple payload as: "//" , fill other details like IP and Admin Email and Click "Add DNS zone" +4. Now one can see that the XSS Payload executed. \ No newline at end of file diff --git a/exploits/php/webapps/34589.txt b/exploits/php/webapps/34589.txt index c5b217567..d14bb5346 100644 --- a/exploits/php/webapps/34589.txt +++ b/exploits/php/webapps/34589.txt @@ -29,7 +29,7 @@ concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7 2. FULL PATH DISCLOSURE a) URL : -http://localhost/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path=/var/www/wp-content/uploads/2014/09/file.pdf +http://localhost/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path=/var/www/html/wp-content/uploads/2014/09/file.pdf * full path to the file will be shown to the user after the file has been uploaded b) URL : diff --git a/files_exploits.csv b/files_exploits.csv index acdbefa5f..844828983 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -41213,5 +41213,6 @@ id,file,description,date,author,type,platform,port 46773,exploits/multiple/webapps/46773.py,"Domoticz 4.10577 - Unauthenticated Remote Command Execution",2019-04-30,"Fabio Carretto",webapps,multiple, 46774,exploits/php/webapps/46774.txt,"Joomla! Component JiFile 2.3.1 - Arbitrary File Download",2019-04-30,"Mr Winst0n",webapps,php,80 46776,exploits/php/webapps/46776.txt,"Hyvikk Fleet Manager - Shell Upload",2019-04-30,saxgy1331,webapps,php, +46784,exploits/linux/webapps/46784.txt,"CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting",2019-05-01,DKM,webapps,linux, 46777,exploits/php/webapps/46777.txt,"Agent Tesla Botnet - Information Disclosure",2019-04-30,n4pst3r,webapps,php, 46780,exploits/windows/webapps/46780.py,"Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution",2019-04-30,"Avinash Kumar Thapa",webapps,windows,