diff --git a/exploits/multiple/webapps/48619.txt b/exploits/multiple/webapps/48619.txt new file mode 100644 index 000000000..35211e9a0 --- /dev/null +++ b/exploits/multiple/webapps/48619.txt @@ -0,0 +1,21 @@ +# Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting +# Exploit Author: William Summerhill +# Date: 2020-06-22 +# Vendor homepage: https://www.globalradar.com/ +# Tested on: Window +# CVE-2020-14943 + +# Description: The "Firstname" and "Lastname" parameters in Global RADAR BSA Radar 1.6.7234.X +# are vulnerable to a stored Cross-Site Scripting (XSS) via the Update User Profile feature +# (in the top-right of the application). + +# Proof of Concept: + +Using the "update user profile" feature in the top-right of the application while logged in, +a malicious user can inject malicious, unencoded scripts, such as "", +into the Firstname and Lastname parameters of a user account. This stored XSS will execute on +nearly every application page as these parameters are always present while logged in. This attack +can be further leveraged by utilizing an existing authorization bypass exploit (CVE-2020-14944) +to inject stored XSS payloads into these parameters for arbitrary existing user accounts. + +Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14943 \ No newline at end of file diff --git a/files_exploits.csv b/files_exploits.csv index 3311e42a9..87baaa104 100644 --- a/files_exploits.csv +++ b/files_exploits.csv @@ -42875,3 +42875,4 @@ id,file,description,date,author,type,platform,port 48612,exploits/php/webapps/48612.txt,"WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting",2020-06-22,"Emre ÖVÜNÇ",webapps,php, 48615,exploits/php/webapps/48615.txt,"Responsive Online Blog 1.0 - 'id' SQL Injection",2020-06-23,"Eren Şimşek",webapps,php, 48616,exploits/php/webapps/48616.txt,"Online Student Enrollment System 1.0 - Cross-Site Request Forgery (Add Student)",2020-06-23,BKpatron,webapps,php, +48619,exploits/multiple/webapps/48619.txt,"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting",2020-06-24,"William Summerhill",webapps,multiple,