bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/35197.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

24 lines
No EOL
795 B
Text
Raw Blame History

# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.1
# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098
# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/
# Vulnerabilities Description:
===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload any file or shell file from "Profile Image" section.
Solution
Filter the files aganist to attacks.
===
===Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.
Sample Payload for XSS: "><script>alert(document.cookie);</script>
Solution
Filter the files aganist to attacks.
Reference in a new issue View git blame Copy permalink