exploit-db-mirror/exploits/php/webapps/44354.txt
Offensive Security 4fd08ae698 DB: 2018-03-29
6 changes to exploits/shellcodes

TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
Microsoft Windows Remote Assistance - XML External Entity Injection
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
Open-AuditIT Professional 2.1 - Cross-Site Scripting
2018-03-29 05:01:52 +00:00


# Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting (XSS)
# Date: 27-03-2018
# Exploit Author: Nilesh Sapariya
# Contact: https://twitter.com/nilesh_loganx
# Website: https://nileshsapariya.blogspot.com
# Vendor Homepage: https://www.open-audit.org/
# Version: 2.1
# CVE : CVE-2018-8903
# Category: Webapp Open-AuditIT Professional 2.1
1. Description:-
It was observed that an attacker is able to inject a malicious script into
the application. The server does not filter the input provided by the
attacker, and the script executes in the victim's browser when the victim
visits the page.
2. Proof of Concept
Log in to Open-AuditIT Professional 2.1
1] Go to Home ==> Credentials
2] Enter the XSS payload in the Name and Description fields
"><img src=x onerror=alert(1337);>
3] Click on Submit
Visit this page :-
http://localhost/omk/open-audit/credentials
3. POCs and steps:
https://nileshsapariya.blogspot.ae/2018/03/csrf-to-xss-open-auditit-professional-21.html
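
The missing output encoding described in section 1, beside the encoded form that mitigates it, as an added example (not code from the advisory or from Open-AudIT). It assumes the stored Name value is written into an HTML attribute, which the `">` prefix of the payload suggests; the renderers, the record and all function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Payload quoted in step 2 of the advisory.
PAYLOAD = '"><img src=x onerror=alert(1337);>'
# Constructed sample record; keys mirror the Name and Description form fields.
RECORD = {"name": PAYLOAD, "description": "lab switch credentials"}


def render_unsafe(record):
    # Flawed pattern: stored values are concatenated into markup unencoded.
    return ('<input name="name" value="' + record["name"] + '">'
            "<td>" + record["description"] + "</td>")


def render_safe(record):
    # Mitigation: HTML-encode each stored value, quotes included, on output.
    name = html.escape(record["name"], quote=True)
    desc = html.escape(record["description"], quote=True)
    return f'<input name="name" value="{name}"><td>{desc}</td>'


class TagAudit(HTMLParser):
    # Records start tags, on* event-handler attributes and input values.
    def __init__(self):
        super().__init__()
        self.tags, self.handlers, self.values = [], [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for key, value in attrs:
            if key.startswith("on"):
                self.handlers.append((tag, key))
            if tag == "input" and key == "value":
                self.values.append(value)


def audit(markup):
    # Parse rendered markup and report which elements it actually contains.
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.handlers, parser.values


if __name__ == "__main__":
    for render in (render_unsafe, render_safe):
        print(render.__name__, audit(render(RECORD)))
```

The same audit can serve as a regression test: a page that renders stored fields should contain only the elements its template defines, and the stored value should come back from the attribute unchanged.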