exploit-db-mirror/exploits/php/webapps/45150.txt
Offensive Security addac3a875 DB: 2018-08-07
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials

Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload

Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
2018-08-07 05:01:44 +00:00

18 lines
No EOL
567 B
Text

# Exploit Title: [Subrion CMS- 4.2.1 XSS (Using component with known
Vulnerability)]
# Date: [02-08-2018]
# Exploit Author: [Zeel Chavda]
# Vendor Homepage: [https://subrion.org/]
# Software Link: [https://subrion.org/download/]
# Version: [4.2.1] (REQUIRED)
# Tested on: [Windows,FireFox]
# CVE : [CVE-2018-14840]
Steps: -
1. Create a file with XSS payload.
2. Save it with .html extension.
3. Upload via CKEditor manager and execute "file.html".
Reference: -
https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47