
8 changes to exploits/shellcodes

Pi-Hole - heisenbergCompensator Blocklist OS Command Execution (Metasploit)
Victor CMS 1.0 - 'comment_author' Persistent Cross-Site Scripting
Victor CMS 1.0 - 'cat_id' SQL Injection
qdPM 9.1 - 'cfg[app_app_name]' Persistent Cross-Site Scripting
php-fusion 9.03.50 - 'ctype' SQL Injection
Submitty 20.04.01 - Persistent Cross-Site Scripting
NukeViet VMS 4.4.00 - Cross-Site Request Forgery (Change Admin Password)
Victor CMS 1.0 - Authenticated Arbitrary File Upload

# Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting
# Date: 2020-05-15
# Exploit Author: humblelad
# Vendor Homepage: http://submitty.org/
# Software Link: https://github.com/Submitty/Submitty/releases
# Version: 20.04.01
# Tested on: macOS Catalina
# CVE : CVE-2020-12882

Description:
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated
by an attack by a Student against a Teaching Fellow. This vulnerability can potentially enable any student to take over the account of a TA if the TA opens the attachment, because the cookie gets exposed.

1. Log in as a student, via student:student

2. Go to http://localhost:1501/s20/tutorial/gradeable/01_simple_python (as an example)

3. In the new submission, upload the malicious .svg file with any XSS payload.

Log in as ta and open the same submission for grading. The XSS gets triggered, alerting the cookies.
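
One way a defender could screen SVG uploads and serve attachments so that opening a submission does not run script in the grader's session. This is an added example, not code from the advisory or from Submitty; the function names, the element list and the sample files are assumptions constructed here.

```python
import xml.parsers.expat as expat

# Elements that can run script or embed foreign documents inside an SVG.
ACTIVE_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object"}

# Constructed sample uploads for illustration (not taken from the advisory).
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0">'
              b'<script>/* placeholder */</script></svg>')

def _local(name):
    # With namespace_separator=" ", expat reports names as "uri localname".
    return name.rsplit(" ", 1)[-1].lower()

def svg_findings(data):
    """Return reasons an uploaded SVG must not be rendered inline ([] = none)."""
    findings = []

    def on_doctype(*_args):
        # Abort on any DTD: it enables entity expansion and is never needed here.
        raise ValueError("DOCTYPE declaration not allowed")

    def on_start(name, attrs):
        if _local(name) in ACTIVE_ELEMENTS:
            findings.append(f"active element <{_local(name)}>")
        for attr, value in attrs.items():
            if _local(attr).startswith("on"):  # onload, onclick, ... (conservative)
                findings.append(f"event handler attribute {_local(attr)}")
            elif "javascript:" in "".join(value.split()).lower():
                findings.append(f"script URL in attribute {_local(attr)}")

    parser = expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = on_start
    try:
        parser.Parse(data, True)
    except (ValueError, expat.ExpatError) as exc:
        findings.append(f"rejected by parser: {exc}")
    return findings

def attachment_headers(filename):
    """Headers that make the browser download an upload instead of rendering it."""
    safe = "".join(c for c in filename if c.isalnum() or c in "._-") or "upload"
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
```

The header set is the stronger of the two controls, since it holds even when the content scan misses a construct.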