08c1a4df45
9 changes to exploits/shellcodes Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion DVD X Player Standard 5.5.3.9 - Buffer Overflow iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Wordpress Plugin Activity Log 2.4.0 - Stored Cross Site Scripting WUZHI CMS 4.1.0 - ‘Add Admin Account’ Cross-Site Request Forgery WUZHI CMS 4.1.0 - ‘Add User Account’ Cross-Site Request Forgery Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control WordPress File Upload Plugin 4.3.2 - Stored Cross Site Scripting WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS
31 lines
No EOL
1.2 KiB
Text
31 lines
No EOL
1.2 KiB
Text
# Exploit Title: iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
|
|
# Date: 02/04/2018
|
|
# Exploit Author: ManhNho
|
|
# Vendor Homepage: https://www.iscripts.com
|
|
# Demo Page: https://www.demo.iscripts.com/easycreate/demo/
|
|
# Version: 3.2.1
|
|
# Tested on: Windows 10
|
|
# Category: Webapps
|
|
# CVE: CVE-2018-9236
|
|
# CVE: CVE-2018-9237
|
|
|
|
1. Description
|
|
====================
|
|
iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the "Site Description" and "Site Title" fields.
|
|
|
|
2. PoC
|
|
====================
|
|
1. from "user section", access to "dashboard" and select "Created from saved items" with edit option
|
|
2. In "edit site" action, Inject "><script>alert('2')</script> to "Site Description" field
|
|
3. Save and change!! refresh and we have alert pop up!
|
|
|
|
3. PoC
|
|
====================
|
|
1. from "user section", access to "dashboard" and select "Created from saved items" with edit option
|
|
2. In "edit site" action, Inject </title>"><script>alert('1')</script> to "Site title" field
|
|
3. Save and change! refresh and we have alert pop up!
|
|
|
|
4. References
|
|
====================
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9237
|
|
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9236 |