addac3a875
9 changes to exploits/shellcodes mySCADA myPRO 7 - Hard-Coded Credentials Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Open-AudIT Community 2.2.6 - Cross-Site Scripting Subrion CMS 4.2.1 - Cross-Site Scripting LAMS < 3.1 - Cross-Site Scripting onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin) CMS ISWEB 3.5.3 - Directory Traversal Monstra 3.0.4 - Cross-Site Scripting
18 lines
No EOL
567 B
Text
18 lines
No EOL
567 B
Text
# Exploit Title: [Subrion CMS- 4.2.1 XSS (Using component with known
|
|
Vulnerability)]
|
|
# Date: [02-08-2018]
|
|
# Exploit Author: [Zeel Chavda]
|
|
# Vendor Homepage: [https://subrion.org/]
|
|
# Software Link: [https://subrion.org/download/]
|
|
# Version: [4.2.1] (REQUIRED)
|
|
# Tested on: [Windows,FireFox]
|
|
# CVE : [CVE-2018-14840]
|
|
|
|
Steps: -
|
|
|
|
1. Create a file with XSS payload.
|
|
2. Save it with .html extension.
|
|
3. Upload via CKEditor manager and execute "file.html".
|
|
|
|
Reference: -
|
|
https://github.com/intelliants/subrion/commit/cb10ac2294cb2c3a6d2159f9a2bb8c58a2a10a47 |