Exploiting a Reflected Cross-Site Scripting (XSS) attack to get Remote Command Execution (RCE) through Webmin's running-process feature.
A stored cross-site scripting (XSS) vulnerability exists in WordPress Plugin KN Fix Your Title 1.0.1. An attacker can inject malicious JavaScript code into the 'Separator' input field and when the same functionality is triggered, the malicious code will be executed in the victim's browser.
Install WordPress 5.7.2. Install and activate Mimetic Books. Navigate to Settings >> Mimetic Books API and enter the XSS payload into the Default Publisher ID input field. Click Save Changes. Payload used: '><script>alert(document.cookie)</script>
WordPress Plugin LearnPress version 3.2.6.8 is vulnerable to privilege escalation. An attacker can exploit this vulnerability by finding out their user id and executing the payload http://<host>/wp-admin/?action=accept-to-be-teacher&user_id=<your_id>
This exploit allows an attacker to modify arbitrary files on Aruba Instant devices running versions 6.4.x: 6.4.4.8-4.2.4.17 and below, 6.5.x: 6.5.4.18 and below, 8.3.x: 8.3.0.14 and below, 8.5.x: 8.5.0.11 and below, 8.6.x: 8.6.0.6 and below, 8.7.x: 8.7.1.0 and below. The exploit uses a race condition between the PAPI message and telnet to gain access to the device's configuration. The attacker can then use the credentials obtained from the telnet session to log in to the device and retrieve the configuration.
This exploit allows an attacker to execute arbitrary commands on the vulnerable Seagate BlackArmor NAS sg2000-2000.1331 device. The exploit is triggered by sending a specially crafted HTTP request to the localJob.php page, which contains a malicious command that is executed by the vulnerable device.
ForgeRock AM server before 7.0 has a Java deserialization vulnerability in the jato.pageSession parameter on multiple pages. Exploitation does not require authentication, and remote code execution can be triggered by sending a single crafted /ccversion/* request to the server. The vulnerability exists due to the usage of the Sun ONE Application Framework (JATO), found in versions of Java 8 or earlier.
Exploiting the install.php finish process by injecting a PHP payload into the db_database parameter and reading the system command output from configure.php. The RCE does not require authentication.
Install WordPress 5.7.2. Install and activate Custom Book. Navigate to Tools >> Current Book and enter the XSS payload into the Book and Author input fields. Click Update Options. You will observe that the payload is stored in the database, and when the same functionality is triggered the JavaScript payload executes and a pop-up appears.
This vulnerability allows an attacker to create a malicious web page that, when visited by an authenticated user, will modify the user's settings in Webmin. This vulnerability affects all versions of Webmin <= 1.973.