exploit-db-mirror/exploits/php/webapps/51204.txt
Exploit-DB d4e68dbb7e DB: 2023-04-04
# Exploit Title: Metform Elementor Contact Form Builder v3.1.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
# Google Dork: inurl:metform-form intext:textarea|message
# Date: 14/01/2023
# Exploit Author: Mohammed Chemouri (https://de.linkedin.com/in/chemouri)
# Vendor Homepage: https://wpmet.com/plugin/metform/
# Software Link: https://downloads.wordpress.org/plugin/metform.3.1.2.zip
# Version: <= 3.1.2
# Tested on: WordPress version 6.1.1, PHP version 8.0.27 (64bit)
# CVE : CVE-2023-0084
Description:
An unauthenticated attacker can submit persistent malicious JavaScript
through a form's text-area field. Because the stored input is neither
sanitized nor escaped, the XSS payload executes each time a privileged user
views the affected entry in the WordPress admin panel.
An attacker can steal an admin's session or credentials, e.g. by displaying
a fake login page (phishing), and may hook the admin's browser with a
JavaScript framework such as the Browser Exploitation Framework (BeEF).
Reproduction Steps:
1- Create a new form using the MetForm Elementor widgets, add a text-area
field and a submit button, then publish the form.
2- Visit the published form (no login needed), enter the following
JavaScript code in the text-area and submit:
<script>alert(0)</script>
3- In the WP-ADMIN panel open MetForm > Entries and view the submitted
entry; the XSS payload executes.
Because many bots scan the web, brute-forcing admin credentials or
exploiting known vulnerabilities, this flaw can also be automated to steal
credentials, perform actions on behalf of the logged-in user, or install a
JavaScript hook such as the Browser Exploitation Framework (BeEF), putting
more than 100,000 websites at high risk.
Remediation:
All fields must be sanitized on input and escaped at output time, before
being displayed in the browser. WordPress already offers an API for this
purpose (for example esc_html(), esc_textarea() and wp_kses()).
For more information please refer to:
https://developer.wordpress.org/apis/security/common-vulnerabilities/
https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
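The following PHP is an added example, not Metform's code and not part of the original advisory. It shows the rendering mistake the advisory describes (a stored text-area value echoed into the admin Entries view unescaped) beside the escaped form using the real WordPress helpers esc_html() and esc_textarea(). The function names render_entry_vulnerable / render_entry_safe / render_edit_form_safe and the sample entry are hypothetical; the function_exists() stand-ins are only there so the file runs with plain `php` outside WordPress.

```php
<?php
// Added example (not Metform's code). Demonstrates unescaped vs escaped
// rendering of a stored form entry in an admin "Entries" table.

// Stand-ins so this runs outside WordPress; inside WordPress the real
// esc_html()/esc_textarea() are used and these definitions are skipped.
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }
}
if (!function_exists('esc_textarea')) {
    function esc_textarea($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Constructed sample: what an anonymous visitor could submit in the
// text-area field (step 2 of the reproduction steps above).
$entry = [
    'name'    => 'Alice',
    'message' => '<script>alert(0)</script>',
];

// Vulnerable pattern: the stored value is concatenated into the admin page
// as-is, so the browser executes the <script> when an admin opens the entry.
function render_entry_vulnerable(array $entry): string {
    return '<tr><td>' . $entry['name'] . '</td><td>' . $entry['message'] . '</td></tr>';
}

// Hardened pattern: escape at output time, using the helper that matches the
// HTML context. esc_html() for text inside an element.
function render_entry_safe(array $entry): string {
    return '<tr><td>' . esc_html($entry['name']) . '</td><td>' . esc_html($entry['message']) . '</td></tr>';
}

// esc_textarea() when the value is placed back inside a <textarea>, e.g. in
// an "edit entry" form; a raw "</textarea>" in the input would otherwise
// break out of the element.
function render_edit_form_safe(array $entry): string {
    return '<textarea name="message">' . esc_textarea($entry['message']) . '</textarea>';
}

echo "Vulnerable: " . render_entry_vulnerable($entry) . PHP_EOL;
echo "Safe:       " . render_entry_safe($entry) . PHP_EOL;
echo "Edit form:  " . render_edit_form_safe($entry) . PHP_EOL;
```

Running it prints the vulnerable row with a live `<script>` tag and the safe row with `&lt;script&gt;alert(0)&lt;/script&gt;`, which the browser shows as text. Escape at the point of output rather than relying on input filtering alone: a value that looks harmless when stored can still become executable in a different HTML context, and if rich text must be allowed, pass it through wp_kses() with an explicit allow-list instead of echoing it.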