bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/webapps/49145.txt
Offensive Security 4b9e53700f DB: 2020-12-02 
18 changes to exploits/shellcodes

10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)
EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path
Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path
Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path
TypeSetter 5.1 - CSRF (Change admin e-mail)
Joomla! Component GMapFP 3.5 - Unauthenticated Arbitrary File Upload
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Online Shopping Alphaware 1.0 - Error Based SQL injection
Pharmacy/Medical Store & Sale Point 1.0  - 'email' SQL Injection
Setelsa Conacwin 3.7.1.2 - Local File Inclusion
Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS
Tailor Management System 1.0 - Unrestricted File Upload to Remote Code Execution
LEPTON CMS 4.7.0 - 'URL' Persistent Cross-Site Scripting
Medical Center Portal Management System 1.0 - 'login' SQL Injection
Pandora FMS 7.0 NG 749 - Multiple Persistent Cross-Site Scripting Vulnerabilities # Date: 11-14-2020
Social Networking Site - Authentication Bypass (SQli)
Tendenci 12.3.1 - CSV/ Formula Injection
2020-12-02 05:01:55 +00:00

21 lines
No EOL
912 B
Text
Raw Blame History

#Exploit Title: Tendenci 12.3.1 - CSV/ Formula Injection
#Date: 2020-10-29
#Exploit Author: Mufaddal Masalawala
#Vendor Homepage: https://www.tendenci.com/
#Software Link: https://github.com/tendenci/tendenci
#Version: 12.3.1
#Payload: =10+20+cmd|' /C calc'!A0
#Tested on: Kali Linux 2020.3
#Proof Of Concept:
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in
Contact Us feature in Tendenci v12.3.1 via message field that is mistreated
while exporting to a CSV file.
To exploit this vulnerability:
1. Go to contact us page and enter the payload "=10+20+cmd|' /C
calc'!A0" in the message field and submit the form
2. Login to the application and go to Forms section and export the
contact us form entries
3. Click on Export and save the CSV file downloaded
4. Open the CSV file, allow all popups and our payload is executed
(calculator is opened).
Reference in a new issue View git blame Copy permalink