0a3e0862c8
8 changes to exploits/shellcodes Support Board 3.3.4 - 'Message' Stored Cross-Site Scripting (XSS) Wordpress Plugin Duplicator 1.3.26 - Unauthenticated Arbitrary File Read Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS) Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Mitsubishi Electric & INEA SmartRTU - Reflected Cross-Site Scripting (XSS) Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS) Company's Recruitment Management System 1.0 - 'Add New user' Cross-Site Request Forgery (CSRF) Plastic SCM 10.0.16.5622 - WebAdmin Server Access
21 lines
No EOL
970 B
Text
21 lines
No EOL
970 B
Text
# Exploit Title: Plastic SCM 10.0.16.5622 - WebAdmin Server Access
|
|
# Shodan Dork: title:"Plastic SCM"
|
|
# Date: 18.10.2021
|
|
# Exploit Author: Basavaraj Banakar
|
|
# Vendor Homepage: https://www.plasticscm.com/
|
|
# Software Link: https://www.plasticscm.com/download/releasenotes/10.0.16.5622
|
|
# Version: Plastic SCM < 10.0.16.5622
|
|
# Tested on: Chrome,Firefox,Edge
|
|
# CVE : CVE-2021-41382
|
|
|
|
# Reference: https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468
|
|
|
|
# Exploit:
|
|
|
|
1. Navigate to target.com/account [This holds administrator login console]
|
|
|
|
2. Change URL to target.com/account/register [Here able to set new password for the adminstrator user]
|
|
|
|
3. Now after changing password of administrator and login to console and Navigate to target.com/configuration/authentication and set an new password for any of the users
|
|
|
|
4. Now navigate to target.com/webui/repos and login with the recently changed password for user i.e is in step 3 |