This exploit allows an authenticated user to upload a malicious file to the vulnerable ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux systems. The exploit uses a POST request to upload the malicious file to the vulnerable system. The exploit has been tested on Debian9,10~Ubuntu16.04.
This exploit allows an authenticated user to upload arbitrary files to the vulnerable ScadaBR 1.0, ScadaBR 1.1CE and ScadaBR 1.0 for Linux systems. The exploit is written in Python and requires the target IP, port, user and password as arguments. The exploit first attempts to authenticate with the provided credentials and then uploads the arbitrary file.
Latrix 0.6.0 is vulnerable to SQL Injection via the 'txtaccesscode' parameter. An attacker can exploit this vulnerability by sending a malicious payload to the vulnerable parameter. This can be done by sending a POST request to the 'inandout.php' page with the malicious payload in the 'txtaccesscode' parameter. The payload used to exploit this vulnerability is 'txtaccesscode=-3451' OR 7070=7070#&btnsubmit=Submit'. This payload can be used to bypass authentication and gain access to the application.
A stored XSS vulnerability exists in CourseMS 2.1, which allows an attacker to inject malicious JavaScript code into the 'name' parameter of the add_jobs.php page. When a user visits the add_user.php page, the malicious code is executed, allowing the attacker to access the user's cookies.
An anonymous user can exploit a stored XSS vulnerability in Zabbix 3.4.7 by creating a new dashboard, adding a new widget, and pasting malicious code into the parameter 'Name'. This code will create a new user with the username 'hck' and the password 'hck' when the 'Add' button is clicked.
OpenLiteSpeed 1.7.9 is vulnerable to stored cross-site scripting (XSS) in the 'Notes' parameter. An attacker can inject malicious JavaScript code into the 'Notes' parameter and then trigger the XSS when the administrator clicks on the Default icon. This can be exploited by sending a specially crafted POST request to the 'confMgr.php' script.
GetSimple CMS v3.3.16 suffers from a Reflected XSS on the Admin Login Portal. On August 12th, 2020, the vendor received full disclosure details of the vulnerability via private email. The vulnerability was publicly disclosed on September 13th, 2020 via MITRE with the publication of CVE-2020-23839, which contained few details and no proof of concept. On January 20th, 2021, the full disclosure and code analysis were published under the GetSimple CMS GitHub active issues ticket. This exploit creates a Reflected XSS payload, in the form of a hyperlink, which exploits CVE-2020-23839. When an Administrator of the GetSimple CMS system goes to this URL in their browser and enters their credentials, a sophisticated exploitation attack-chain will be launched, which will allow the remote attacker to gain Remote Code Execution on the server that hosts the GetSimple CMS system.
Budget Management System 1.0 is vulnerable to stored XSS. An attacker can inject malicious JavaScript code into the 'Budget title' field, which is stored in the database. When a user visits the page, the malicious code is executed in the user's browser. This can be used to steal the user's cookie, redirect the user to a malicious website, etc.
Log in with a valid username and password. Navigate to http://localhost/deped/admin/item.php and add an item with the payload <script>alert(1)</script>. Navigate to http://localhost/deped/admin/employee.php and add an employee with the payload <script>alert(2)</script>. Once the post has been saved successfully, reload the page or navigate to any page and the XSS will be triggered.
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.