60710bbfd9
19 changes to exploits/shellcodes Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption Wireshark - 'find_signature' Heap Out-of-Bounds Read Xorg X11 Server (AIX) - Local Privilege Escalation Emacs - movemail Privilege Escalation (Metasploit) OpenSSH < 7.7 - User Enumeration (2) HP Intelligent Management - Java Deserialization RCE (Metasploit) Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage KeyBase Botnet 1.5 - SQL Injection Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting NUUO NVRMini2 3.9.1 - Authenticated Command Injection DomainMOD 4.11.01 - Registrar Cross-Site Scripting FreshRSS 1.11.1 - Cross-Site Scripting Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes) Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
15 lines
No EOL
738 B
Text
15 lines
No EOL
738 B
Text
# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting
|
|
# Date: 2018-11-22
|
|
# Exploit Author: Mohammed Abdul Raheem
|
|
# Vendor Homepage: domainmod (https://domainmod.org/)
|
|
# Software Link: domainmod (https://github.com/DomainMod/DomainMod)
|
|
# Version: v4.09.03 to v4.11.01
|
|
# CVE : CVE-2018-19752
|
|
|
|
# A Stored Cross-site scripting (XSS) was discovered in DomainMod application
|
|
# versions from v4.09.03 to v4.11.01
|
|
# After logging into the Domainmod application panel, browse to the /assets/add/registrar-account.php page and inject a javascript XSS payload in registrar Name, registrar url & Notes fields
|
|
|
|
"><img src=x onerror=alert("Xss-By-Abdul-Raheem")>
|
|
|
|
#POC : attached here https://github.com/domainmod/domainmod/issues/84 |