
#Exploit Title: Touchbase.io 1.10 - Stored Cross Site Scripting
#Date: 2020-11-11
#Exploit Author: Simran Sankhala
#Vendor Homepage: https://touchbase.ai/
#Software Link: https://touchbase.ai/
#Version: 1.1.0
#Tested on: Windows 10

#Proof Of Concept:

The touchbase.ai application allows stored XSS via the 'Add User' module: the
stored 'Name' value is rendered when the 'Contacts' page is visited.

To exploit this vulnerability:

Steps to Reproduce:

1. Log in to the application, go to the 'Contacts' module and add a user.
2. Inject the payload <marquee onstart=alert(document.cookie)> in the 'Name' field.
3. Fill in the other details and save them.
4. Go to the 'Contacts' module again: the injected script is executed in the
name field and a pop-up appears showing the session cookie.
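The root cause above is a stored field written into the Contacts page as markup rather than text. The following is an added example, not code from the advisory or from touchbase.ai: it contrasts the vulnerable rendering with an output-encoded version and adds a check a developer can run over rendered fragments. Function names, the contact record and the allowed-tag list are constructed for illustration.

```javascript
// Characters that can change the meaning of an HTML text node or attribute value.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: user-controlled text becomes inert when written into HTML.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable rendering (constructed to mirror the advisory's defect): the stored
// name is concatenated straight into the page, so a name containing markup is
// parsed as markup by every browser that views the Contacts list.
function renderContactUnsafe(contact) {
  return `<li class="contact">${contact.name}</li>`;
}

// Hardened rendering: same output shape, but the name is escaped at the point
// where it enters HTML. Escaping on output, not filtering on input, is what
// closes the bug regardless of which field the value originally came from.
function renderContactSafe(contact) {
  return `<li class="contact">${escapeHtml(contact.name)}</li>`;
}

// Regression check: a rendered contact fragment may only contain the template's
// own tags. Any other tag name means untrusted data reached the page unencoded.
function containsForeignTag(html, allowed = ["li"]) {
  const tags = [...html.matchAll(/<\/?([a-zA-Z][a-zA-Z0-9]*)/g)].map((m) => m[1].toLowerCase());
  return tags.some((t) => !allowed.includes(t));
}

// Constructed sample record: the payload quoted in the advisory, stored as a name.
const storedContact = { name: "<marquee onstart=alert(document.cookie)>" };

console.log(renderContactUnsafe(storedContact)); // tag survives: foreign tag present
console.log(renderContactSafe(storedContact));   // rendered literally as text
```

The same `containsForeignTag` check can be pointed at server responses in a test suite so that a regression of the Name field (or any other contact field) fails the build rather than reaching users.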