bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/webapps/44613.txt
Offensive Security 7788a305c5 DB: 2018-05-12 
6 changes to exploits/shellcodes

2345 Security Guard 3.7 - Denial of Service
2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service

2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service

Reaper 5.78 - Local Buffer Overflow

EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection

Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit)
Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

Open-AudIT Professional - 2.1.1 - Cross-Site Scripting

Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC
Ncomputing vSpace Pro 10/11 - Directory Traversal

Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery

Open-AudIT Community - 2.2.0 – Cross-Site Scripting
2018-05-12 05:01:46 +00:00

32 lines
No EOL
1.5 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Open-AudIT Community - 2.2.0 Cross-Site Scripting
# Exploit Author: Tejesh Kolisetty #
# Vendor Homepage: https://opmantek.com/
# Software Link: https://opmantek.com/network-tools-download/
# Affected Version: 2.2.0
# Category: WebApps
# Tested on: Win7 Professional
# CVE : CVE-2018-10314
# 1. Vendor Description:
# Network Discovery and Inventory Software | Open-AudIT | Opmantek
# Discover what's on your network. Open-AudIT is the world's leading network discovery, inventory and audit program. Used by over 10,000 customers.
# 2. Technical Description:
# Cross-site scripting (XSS) vulnerability found in Multiple instances of Open-AudIT Community - 2.2.0 that allows remote attackers to inject arbitrary web script or HTML, as demonstrated in below POC.
# 3. Proof of Concept:
# a) Login as user who is having access to download scripts
# b) Navigate to Discover -> Audit Scripts -> List Scripts -> Download
# c) Now click Download any script
# d) Now capture the request using the Burp suit tool and append below payload to action variable payload: =download"><script>alert(XSS)</script>
# e) Then the script is executed on the browser and shows the popup.
# Multiple Instances:
Discover -> Audit Scripts -> List Scripts -> Download
Admin -> Logs -> View System Logs
Admin -> Logs -> View Access Logs
etc.,.
# 4. Solution:
# Upgrade to latest release Open-AudIT 2.2.1
# http://dl-openaudit.opmantek.com/OAE-Win-x86_64-release_2.2.1.exe
Reference in a new issue View git blame Copy permalink