a9fa314bbf
14 changes to exploits/shellcodes BasicNote 1.1.9 - Denial of Service (PoC) ColorNote 4.1.9 - Denial of Service (PoC) Notepad notes 2.6.7 - Denial of Service (PoC) Blacknote 2.2.1 - Denial of Service (PoC) CHIYU IoT Devices - 'Telnet' Authentication Bypass PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution Seo Panel 4.8.0 - 'from_time' Reflected XSS CHIYU IoT Devices - Denial of Service (DoS) FUDForum 3.1.0 - 'srch' Reflected XSS FUDForum 3.1.0 - 'author' Reflected XSS Gitlab 13.9.3 - Remote Code Execution (Authenticated) 4Images 1.8 - 'redirect' Reflected XSS
17 lines
No EOL
863 B
Text
17 lines
No EOL
863 B
Text
# Exploit Title: 4Images 1.8 - 'redirect' Reflected XSS
|
|
# Exploit Author: Piyush Patil
|
|
# Vendor Homepage: https://www.4homepages.de/
|
|
# Software Link: https://www.4homepages.de/?download=4images1.8.zip&code=81da0c7b5208e172ea83d879634f51d6
|
|
# Version: 4Images Gallery 1.8
|
|
# Tested on: Windows 10 and Kali
|
|
# CVE : CVE-2021-27308
|
|
|
|
-Description:
|
|
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
|
|
|
|
|
|
-Steps to reproduce:
|
|
1- Goto 4images admin panel page (demo instance: https://localhost/4images/admin/index.php)
|
|
2- Enter the credentials , Turn on the intercept and click on "Login"
|
|
3- copy paste the XSS payload after redirect=./../admin/index.php%3Fsessionid=xxxxxPASTEPAYLOADHERE
|
|
4-Forward the request and you can see XSS is triggered. |