bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/50317.txt
Offensive Security f449a4864b DB: 2021-09-23 
8 changes to exploits/shellcodes

TotalAV 5.15.69 - Unquoted Service Path
Simple Attendance System 1.0 - Unauthenticated Blind SQLi
Filerun 2021.03.26 - Remote Code Execution (RCE) (Authenticated)
e107 CMS 2.3.0 - Remote Code Execution (RCE) (Authenticated)
OpenCats 0.9.4-2 - 'docx ' XML External Entity Injection (XXE)
Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
Sentry 8.2.0 - Remote Code Execution (RCE) (Authenticated)
Online Reviewer System 1.0 - Remote Code Execution (RCE) (Unauthenticated)
2021-09-23 05:02:08 +00:00

14 lines
No EOL
425 B
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Cloudron 6.2 - 'returnTo ' Cross Site Scripting (Reflected)
# Date: 10.06.2021
# Exploit Author: Akıner Kısa
# Vendor Homepage: https://cloudron.io
# Software Link: https://www.cloudron.io/get.html
# Version: 6.3 >
# CVE : CVE-2021-40868
Proof of Concept:
1. Go to https://localhost/login.html?returnTo=
2. Type your payload after returnTo=
3. Fill in the login information and press the sign in button.
Reference in a new issue View git blame Copy permalink