bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/49026.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

23 lines
No EOL
882 B
Text
Raw Blame History

# Exploit Title: ShoreTel Conferencing 19.46.1802.0 - Reflected Cross-Site Scripting
# Date: 11/8/2020
# Exploit Author: Joe Helle
# Vendor Homepage: https://www.mitel.com/articles/what-happened-shoretel-products
# Version: 19.46.1802.0
# Tested on: Linux
# CVE: 2020-28351
PoC:
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could
allow an unauthenticated attacker to conduct a reflected cross-site
scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient
validation for the time_zone object in the HOME_MEETING& page.
Vulnerable payload
/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME
Vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown
object is located. Upon executing the payload, the exploit executes when
the mouse is rolled over the dropdown menu object.
https://github.com/dievus/CVE-2020-28351
Reference in a new issue View git blame Copy permalink