bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/45228.txt
Offensive Security 948806b29c DB: 2018-08-21 
11 changes to exploits/shellcodes

SEIG Modbus 3.4 - Denial of Service (PoC)
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
Restorator 1793 - Denial of Service (PoC)
Prime95 29.4b7 - Denial Of Service (PoC)
SEIG SCADA System 9 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Countly - Persistent Cross-Site Scripting
2018-08-21 05:01:46 +00:00

34 lines
No EOL
1.5 KiB
Text
Raw Blame History

############################################################################
# Exploit Title: Countly-server Stored(Persistent) XSS Vulnerability
# Date: Monday - 2018 13 August
# Author: 10:10AM Team
# Discovered By: Sleepy
# Software Link: https://github.com/Countly/countly-server
# Version: All Version
# Category: Web-apps
# Security Risk: Critical
# Tested on: GNU/Linux Ubuntu 16.04 - win 10
############################################################################
# Exploit:
# Description:
#
# Attacker can use multiple parameters in the provided link to inject his own data in the database
# of this application,the injected data can then be directly viewed in the event logs panel
# (manage>logger).
# Attacker may use this vulnerability to inject his own payload for attacks like Stored XSS.
# The injected payload will be executed everytime that the target page gets visited/refreshed.
#
# Proof of Concept:
#
# Injection URL:
#
# <20> http://[server_ip]:[api_port]/i?api_key=[api_key]&parameter_1=[payload_1]&parameter_2=[payload_2]&etc...
#
# Execution URL(login to server dashboard and navigate to "event logs" panel):
#
# <20> http://[server_ip]:[server_port]/dashboard#/[app_key]/manage/logger
#
#
############################################################################
# WE ARE: Sleepy({ssleeppyy@gmail.com}), Mikili({mikili.land@gmail.com})
############################################################################
Reference in a new issue View git blame Copy permalink