bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/35197.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

24 lines
No EOL
772 B
Text
Raw Permalink Blame History

# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.1
# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098
# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/
# Vulnerabilities Description:
===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload any file or shell file from "Profile Image" section.
Solution
Filter the files aganist to attacks.
===
===Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.
Sample Payload for XSS: "><script>alert(document.cookie);</script>
Solution
Filter the files aganist to attacks.
Reference in a new issue View git blame Copy permalink