bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/51744.txt
Exploit-DB f3649a641f DB: 2023-10-10 
24 changes to exploits/shellcodes/ghdb

Minio 2022-07-29T19-40-48Z - Path traversal

Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Denial Of Service

Atcom 2.7.x.x - Authenticated Command Injection

Ruijie Reyee Mesh Router - MITM Remote Code Execution (RCE)
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Admin Password Change
Tinycontrol LAN Controller v3 (LK3) 1.58a - Remote Credentials Extraction

OpenPLC WebServer 3 - Denial of Service

Splunk 9.0.5 - admin account take over

BoidCMS v2.0.0 - authenticated file upload vulnerability

Cacti 1.2.24 - Authenticated command injection when using SNMP options

Chitor-CMS v1.1.2 - Pre-Auth SQL Injection

Clcknshop 1.0.0 - SQL Injection

Coppermine Gallery 1.6.25 - RCE

Crypto Currency Tracker (CCT) 9.5 - Admin Account Creation (Unauthenticated)

GLPI GZIP(Py3) 9.4.5 - RCE

Limo Booking Software v1.0 - CORS

Media Library Assistant Wordpress Plugin - RCE and LFI

Online ID Generator 1.0 - Remote Code Execution (RCE)

Shuttle-Booking-Software v1.0 - Multiple-SQLi

Webedition CMS v2.9.8.8 - Blind SSRF

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Wordpress Plugin Masterstudy LMS - 3.0.17 - Unauthenticated Instructor Account Creation

Wordpress Sonaar Music Plugin 4.7 - Stored XSS

Microsoft Windows 11 - 'apds.dll' DLL hijacking (Forced)
2023-10-10 00:16:32 +00:00

48 lines
No EOL
1.6 KiB
Text
Raw Blame History

## Title: Limo Booking Software v1.0 - CORS
## Author: nu11secur1ty
## Date: 09/08/2023
## Vendor: https://www.phpjabbers.com/
## Software: https://www.phpjabbers.com/limo-booking-software/#sectionDemo
## Reference: https://portswigger.net/web-security/cors
## Description:
The application implements an HTML5 cross-origin resource sharing
(CORS) policy for this request that allows access from any domain.
The application allowed access from the requested origin http://wioydcbiourl.com
Since the Vary: Origin header was not present in the response, reverse
proxies and intermediate servers may cache it. This may enable an
attacker to carry out cache poisoning attacks. The attacker can get
some of the software resources of the victim without the victim
knowing this.
STATUS: HIGH Vulnerability
[+]Test Payload:
```
GET /1694201352_198/index.php?controller=pjFrontPublic&action=pjActionFleets&locale=1&index=2795
HTTP/1.1
Host: demo.phpjabbers.com
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.141
Safari/537.36
Connection: close
Cache-Control: max-age=0
Origin: http://wioydcbiourl.com
Referer: http://demo.phpjabbers.com/
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="116", "Chromium";v="116"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/phpjabbers/2023/Limo-Booking-Software-1.0)
## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/09/limo-booking-software-10-cors.html)
## Time spent:
00:35:00
Reference in a new issue View git blame Copy permalink