42ade901fe
22 changes to exploits/shellcodes/ghdb LISTSERV 17 - Insecure Direct Object Reference (IDOR) LISTSERV 17 - Reflected Cross Site Scripting (XSS) Router ZTE-H108NS - Stack Buffer Overflow (DoS) Router ZTE-H108NS - Authentication Bypass Boa Web Server v0.94.14 - Authentication Bypass Covenant v0.5 - Remote Code Execution (RCE) Dreamer CMS v4.0.0 - SQL Injection Shoplazza 1.1 - Stored Cross-Site Scripting (XSS) Virtual Reception v1.0 - Web Server Directory Traversal 4images 1.9 - Remote Command Execution (RCE) ClicShopping v3.402 - Cross-Site Scripting (XSS) Concrete5 CME v9.1.3 - Xpath injection Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE) Ecommerse v1.0 - Cross-Site Scripting (XSS) Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS) WPForms 1.7.8 - Cross-Site Scripting (XSS) CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
18 lines
No EOL
677 B
Text
18 lines
No EOL
677 B
Text
# Exploit Title: Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS)
|
|
# Google Dork: N/A
|
|
# Date: 12/6/2022
|
|
# Exploit Author: @casp3r0x0 hassan ali al-khafaji
|
|
# Vendor Homepage: https://www.eve-ng.net/
|
|
# Software Link: https://www.eve-ng.net/index.php/download/
|
|
# Version: Free EVE Community Edition Version 5.0.1-13
|
|
# Tested on: Free EVE Community Edition Version 5.0.1-13
|
|
# CVE : N/A
|
|
|
|
|
|
|
|
#we could achieve stored XSS on eve-ng free I don't know If this
|
|
effect pro version also
|
|
#first create a new lab
|
|
#second create a Text label
|
|
#insert the xss payload and click save "><script>alert(1)</script>
|
|
#the application is multi user if any user open the lab the xss will be triggered. |