bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1
exploit-db-mirror/exploits/php/webapps/44144.txt
Offensive Security ae6ab38369 DB: 2018-02-20 
3 changes to exploits/shellcodes

Aastra 6755i SIP SP4 - Denial of Service

October CMS < 1.0.431 - Cross-Site Scripting

Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)
Linux/x86 - chmod 0777 /etc/shadow + Obfuscated Shellcode (51 bytes)
Linux/x86 - shutdown -h now Shellcode (56 bytes)

Linux/ARM - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (79 bytes)

Linux/x64 - Add Map (127.1.1.1 google.lk) In /etc/hosts Shellcode (110 bytes)

Linux/x64 - shutdown -h now Shellcode (65 bytes)

Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh)  + IP Controlled (192.168.1.190) + Null-Free Shellcode (168 bytes)
2018-02-20 05:01:50 +00:00

38 lines
No EOL
1.2 KiB
Text
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Exploit Title: October CMS Stored Code Injection
# Date: 16-02-2018
# Exploit Author: Samrat Das
# Contact: http://twitter.com/Samrat_Das93
# Website: https://securitywarrior9.blogspot.in/
# Vendor Homepage: *https://octobercms.com/ <https://octobercms.com/>*
# Version: All versions till date from 1.0.431
# CVE : CVE- 2018-7198
# Category: WebApp CMS
1. Description
The application source code is coded in a way which allows malicious
crafted HTML commands to be executed without input validation
2. Proof of Concept
1. Visit the application
2. Visit the Add posts page
3. Goto edit function, add any html based payload and its gets stored and executed subsequently.
Proof of Concept
Steps to Reproduce:
1. Create any HTML based payload such as:
Username:<input type=text> <br>
Password: <input type=text> <br>
<button type="button">Login</button>
2. This hosted page with form action implemented upon clicked by user will lead to exfiltration of credentials apart from performing a host of other actions such as stored xss and another similiar attacks.
3. Solution:
Implement through input validation to reject unsafe html input.
Reference in a new issue View git blame Copy permalink