Install and activate the Slider by Soliloquy 2.6.2 plugin. Open Soliloquy and use the 'Add New' button to add a new post. Add the payload to the title. Payload: <script>alert(document.cookie)</script> Add any image to the post. Publish the post. The XSS has been triggered. Go to the URL 'http://localhost/wp-admin/post.php?post=1&action=edit' and the XSS will trigger (for WordPress users). Go to the URL 'http://localhost/?post_type=soliloquy&p=1' and the XSS will trigger (for normal users).
An authenticated user can exploit an LFI vulnerability in the tab parameter.
Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form. An attacker can bypass authentication by sending the following payload: username='+or+1%3D1+limit+1+--+-%2B&password=aaaa
Admin panel authentication can be bypassed due to a SQL injection vulnerability in the login form.
It is possible to create a user without being authenticated; in this request you can upload a simple webshell, which will be used to get a reverse shell.
The session cookie 'OCSESSID' is improperly processed: an attacker can set any value for the cookie and the server sets this value, resulting in a session injection and session fixation vulnerability.
A reflected Cross-Site Scripting (XSS) vulnerability exists in orangescrum 1.8.0 when an authenticated user sends a maliciously crafted request to the application. The application does not properly sanitize user-supplied input, allowing an attacker to inject arbitrary HTML or JavaScript code into the application's response. This can be exploited to execute arbitrary HTML or JavaScript code in the context of the affected application.
The vulnerabilities in the application allow taking over any account that is assigned to the same project. The user must be assigned to the same project as the account he wants to take over. The exploit involves going to the dashboard, opening the page source view, finding 'var PUSERS' in the source, copying the victim's 'uniq_id', changing the 'USER_UNIQ' cookie to the victim's 'USER_UNIQ' from the page source and, after refreshing the page, being logged in to the victim's account.
A client-side template injection vulnerability in Bagisto 1.3.3 allows an attacker to inject arbitrary JavaScript code into the application. An attacker can exploit this vulnerability by registering an account and editing their profile name and address with a malicious payload. When an administrator or any other user views the profile or order, the malicious code will be executed.
CMSimple 5.4 is vulnerable to Local file inclusion (LFI) to Remote code execution (RCE) when an authenticated user is present. An attacker can exploit this vulnerability by changing the functions_file parameter to php://input and sending a malicious payload to the server. This will allow the attacker to execute arbitrary code on the server.