8e0113decc
12 changes to exploits/shellcodes Easy CD & DVD Cover Creator 4.13 - Denial of Service (PoC) MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Knockpy 4.1.1 - CSV Injection Wordpress Core 5.2.2 - 'post previews' XSS 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting Mantis Bug Tracker 2.24.3 - 'access' SQL Injection Advanced Comment System 1.0 - 'ACS_path' Path Traversal sar2html 3.2.1 - 'plot' Remote Code Execution CMS Made Simple 2.2.15 - RCE (Authenticated) Subrion CMS 4.2.1 - 'avatar[path]' XSS Click2Magic 1.1.5 - Stored Cross-Site Scripting Arteco Web Client DVR/NVR - 'SessionId' Brute Force
21 lines
No EOL
825 B
Text
21 lines
No EOL
825 B
Text
# Exploit Title: 4images v1.7.11 - 'Profile Image' Stored Cross-Site Scripting
|
|
# Date: 30-12-2020
|
|
# Exploit Author: Ritesh Gohil
|
|
# Vendor Homepage: https://www.4homepages.de/
|
|
# Software Link: https://www.4homepages.de/download-4images
|
|
# Version: 1.7.11
|
|
# Tested on: Windows 10/Kali Linux
|
|
|
|
Vulnerable Parameters: Profile Image.
|
|
|
|
Attack Vector:
|
|
This vulnerability can results attacker to inject the XSS payload into the IMAGE URL and each time
|
|
any user will go to that URL, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload.
|
|
|
|
Steps-To-Reproduce:
|
|
1. Login into 4images admin panel.
|
|
2. Now go to the add images tab.
|
|
3. Now paste the below payload in the URL field.
|
|
ritesh"><img src=x onerror=confirm(1)>
|
|
4. Now click on add button.
|
|
5. The XSS will be triggered. |