From d68f18cb8e71f467b16cd07c6fab28db0413a9e2 Mon Sep 17 00:00:00 2001
From: Offensive Security
Date: Sat, 30 Mar 2019 05:02:01 +0000
Subject: [PATCH] DB: 2019-03-30 6 changes to exploits/shellcodes Fat Free CRM 0.19.0 - HTML Injection CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting
---
 exploits/linux/local/37293.txt | 2 +-
 exploits/linux/webapps/46629.txt | 19 +++++++++++++++++++
 exploits/php/webapps/44105.txt | 3 ++-
 exploits/{php => ruby}/webapps/46617.txt | 0
 files_exploits.csv | 3 ++-
 5 files changed, 24 insertions(+), 3 deletions(-)
 create mode 100644 exploits/linux/webapps/46629.txt
 rename exploits/{php => ruby}/webapps/46617.txt (100%)
diff --git a/exploits/linux/local/37293.txt b/exploits/linux/local/37293.txt
index a354ef5c2..4822bc47c 100644
--- a/exploits/linux/local/37293.txt
+++ b/exploits/linux/local/37293.txt
@@ -94,4 +94,4 @@ References
-## EDB Note: Exploit Mirror - https://www.exploit-db.com/exploits/37292/
\ No newline at end of file
+## EDB Note: Exploit Mirror - https://www.exploit-db.com/exploits/37292
\ No newline at end of file
diff --git a/exploits/linux/webapps/46629.txt b/exploits/linux/webapps/46629.txt
new file mode 100644
index 000000000..e49ba67eb
--- /dev/null
+++ b/exploits/linux/webapps/46629.txt
@@ -0,0 +1,19 @@
+# Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability
+# Google Dork: N/A
+# Date: 28 - March - 2019
+# Exploit Author: DKM
+# Vendor Homepage: http://centos-webpanel.com
+# Software Link: http://centos-webpanel.com
+# Version: 0.9.8.789
+# Tested on: CentOS 7
+# CVE : CVE-2019-10261
+
+# Description:
+CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.789 is vulnerable to Stored/Persistent XSS for the "Name Server 1" and "Name Server 2" fields via "DNS Functions" for "Edit Nameservers IPs" action. This is because the application does not properly sanitize the users input.
+
+
+# Steps to Reproduce:
+1. Login into the CentOS Web Panel using admin credential.
+2. From Navigation Click on "DNS Functions" -> then Click on "Edit Nameservers IPs"
+3. In "Name Server 1" and "Name Server 2" field give simple payload as: and Click Save Changes
+4. Now one can see that the XSS Payload executed and even accessing the home page Stored XSS for nameservers executes.
\ No newline at end of file
diff --git a/exploits/php/webapps/44105.txt b/exploits/php/webapps/44105.txt
index 51722cc5b..c02f436cc 100644
--- a/exploits/php/webapps/44105.txt
+++ b/exploits/php/webapps/44105.txt
@@ -23,4 +23,5 @@ Joomla! Component Advertisement Board v3.0.4 id parameter,v3.0.4 previously found.
-https://www.exploit-db.com/exploits/41600/
\ No newline at end of file
+
+https://www.exploit-db.com/exploits/41600
\ No newline at end of file
diff --git a/exploits/php/webapps/46617.txt b/exploits/ruby/webapps/46617.txt
similarity index 100%
rename from exploits/php/webapps/46617.txt
rename to exploits/ruby/webapps/46617.txt
diff --git a/files_exploits.csv b/files_exploits.csv
index 7c199822a..192411647 100644
--- a/files_exploits.csv
+++ b/files_exploits.csv
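Review bot: The new entry exploits/linux/webapps/46629.txt names the cause ("does not properly sanitize the users input") but carries no remediation or fixed-version line, so someone triaging CVE-2019-10261 cannot tell from the file what to deploy or verify. Step 1 requires an admin login and step 4 says the stored value also renders on the home page, so the defensive points are to output-encode the "Name Server 1" and "Name Server 2" values wherever they are displayed and to limit who can reach "Edit Nameservers IPs". I would add a header line such as `# Fix: <fixed version or vendor advisory, not stated in this entry>` and a short `# Mitigation:` line stating those two points. The description says "through 0.9.8.789", so the header's `# Version: 0.9.8.789` would read more accurately as an upper bound, e.g. `# Version: <= 0.9.8.789`.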
@@ -41063,10 +41063,11 @@ id,file,description,date,author,type,platform,port
 46614,exploits/php/webapps/46614.txt,"Jettweb Hazır Rent A Car Scripti V4 - SQL Injection",2019-03-27,"Ahmet Ümit BAYRAM",webapps,php,80
 46615,exploits/windows/webapps/46615.py,"Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion",2019-03-28,0v3rride,webapps,windows,
 46616,exploits/php/webapps/46616.txt,"Airbnb Clone Script - Multiple SQL Injection",2019-03-28,"Ahmet Ümit BAYRAM",webapps,php,80
-46617,exploits/php/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,php,80
+46617,exploits/ruby/webapps/46617.txt,"Fat Free CRM 0.19.0 - HTML Injection",2019-03-28,"Ismail Tasdelen",webapps,ruby,80
 46618,exploits/php/webapps/46618.txt,"WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion",2019-03-28,"Ali S. Ahmad",webapps,php,80
 46619,exploits/php/webapps/46619.txt,"WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion",2019-03-28,"Ali S. Ahmad",webapps,php,80
 46620,exploits/php/webapps/46620.txt,"i-doit 1.12 - 'qr.php' Cross-Site Scripting",2019-03-28,"BlackFog Team",webapps,php,80
 46622,exploits/php/webapps/46622.txt,"Job Portal 3.1 - 'job_submit' SQL Injection",2019-03-28,"Mehmet EMIROGLU",webapps,php,80
 46623,exploits/php/webapps/46623.txt,"BigTree 4.3.4 CMS - Multiple SQL Injection",2019-03-28,"Mehmet EMIROGLU",webapps,php,80
 46624,exploits/php/webapps/46624.txt,"Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection",2019-03-28,"Ahmet Ümit BAYRAM",webapps,php,80
+46629,exploits/linux/webapps/46629.txt,"CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting",2019-03-29,DKM,webapps,linux,