97334ae3af
9 changes to exploits/shellcodes GSearch 1.0.1.0 - Denial of Service (PoC) Microsoft Windows - 'CmpAddRemoveContainerToCLFSLog' Arbitrary File/Directory Creation Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation dotProject 2.1.9 - SQL Injection SeedDMS < 5.1.11 - 'out.UsrMgr.php' Cross-Site Scripting SeedDMS < 5.1.11 - 'out.GroupMgr.php' Cross-Site Scripting SeedDMS versions < 5.1.11 - Remote Command Execution GrandNode 4.40 - Path Traversal / Arbitrary File Download Linux/x86_64 - Reverse(0.0.0.0:4444/TCP) Shell (/bin/sh) Shellcode
15 lines
No EOL
752 B
Text
15 lines
No EOL
752 B
Text
# Exploit Title: [Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11]
|
|
# Google Dork: [NA]
|
|
# Date: [20-June-2019]
|
|
# Exploit Author: [Nimit Jain](https://www.linkedin.com/in/nimitiitk)(https://secfolks.blogspot.com)
|
|
# Vendor Homepage: [https://www.seeddms.org]
|
|
# Software Link: [https://sourceforge.net/projects/seeddms/files/]
|
|
# Version: [< 5.1.11] (REQUIRED)
|
|
# Tested on: [NA]
|
|
# CVE : [CVE-2019-12745]
|
|
|
|
Proof-of-Concept:
|
|
|
|
Step 1: Login to the application and go to My account and edit user details.
|
|
Step 2: Change the name by adding <script>alert("name")</script>
|
|
Step 3: Now browse to user management option in Admin-tools and click on choose user to execute the previously inserted javascript. |