bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DB: 2019-05-01

Browse source 
2 changes to exploits/shellcodes

CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
This commit is contained in:
Offensive Security 2019-05-01 12:01:09 +00:00
parent f3c28b3d62
commit c0676d0ecf
3 changed files with 20 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
exploits/linux/webapps/46784.txt Normal file
View file

@ -0,0 +1,18 @@
# Exploit Title: CentOS Web Panel - Domain Field (Add DNS Zone) Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 22 - April - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: v0.9.8.793 (Free), v0.9.8.753 (Pro) and 0.9.8.807 (Pro)
# Tested on: CentOS 7
# CVE : CVE-2019-11429
# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
# Steps to Reproduce:
1. Login into the CentOS Web Panel using admin credential.
2. From Navigation Click on "DNS Functions" > "Add DNS Zone"
3. In "Domain" field give simple payload as: "<script>alert(1)</script>//" , fill other details like IP and Admin Email and Click "Add DNS zone"
4. Now one can see that the XSS Payload executed.

2
exploits/php/webapps/34589.txt
View file

@ -29,7 +29,7 @@ concat_ws(0x3a,version(),database(),user()),2,3,4,5,6,7
2. FULL PATH DISCLOSURE
a) URL :
http://localhost/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path=/var/www/wp-content/uploads/2014/09/file.pdf
http://localhost/wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/admin/downloadAttachment.php?path=/var/www/html/wp-content/uploads/2014/09/file.pdf
* full path to the file will be shown to the user after the file has been
uploaded
b) URL :

1
files_exploits.csv
View file

@ -41213,5 +41213,6 @@ id,file,description,date,author,type,platform,port
46773,exploits/multiple/webapps/46773.py,"Domoticz 4.10577 - Unauthenticated Remote Command Execution",2019-04-30,"Fabio Carretto",webapps,multiple,
46774,exploits/php/webapps/46774.txt,"Joomla! Component JiFile 2.3.1 - Arbitrary File Download",2019-04-30,"Mr Winst0n",webapps,php,80
46776,exploits/php/webapps/46776.txt,"Hyvikk Fleet Manager - Shell Upload",2019-04-30,saxgy1331,webapps,php,
46784,exploits/linux/webapps/46784.txt,"CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting",2019-05-01,DKM,webapps,linux,
46777,exploits/php/webapps/46777.txt,"Agent Tesla Botnet - Information Disclosure",2019-04-30,n4pst3r,webapps,php,
46780,exploits/windows/webapps/46780.py,"Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution",2019-04-30,"Avinash Kumar Thapa",webapps,windows,

Can't render this file because it is too large.