Serenity Client Management Portal 1.0.1 – Multiple Vulnerabilities

Exploit Database
16 阅读

作者： Halil Dalabasmaz

日期： 2014-11-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35197/

# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.1
# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098
# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/

# Vulnerabilities Description:

===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload any file or shell file from "Profile Image" section.

Solution
Filter the files aganist to attacks.

===

===Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.

Sample Payload for XSS: "><script>alert(document.cookie);</script>

Solution
Filter the files aganist to attacks.

last Exploits
Serenity Client Management Portal 1.0.1 – Multiple Vulnerabilities的更多信息

Typesetter CMS 5.1 – Arbitrary Code Execution (Authenticated)：
WordPress Plugin Ultimate Product Catalog 4.2.24 – PHP Object Injection：
superengine CMS (Custom Pack) – SQL Injection：
Trade Manager Script – SQL Injection：
Free Hosting Manager 2.0.2 – Multiple SQL Injections：
Left 4 Dead Stats 1.1 – SQL Injection：
Exponent CMS 2.0.0 Beta 1.1 – Local File Inclusion / Arbitrary File Upload：
Apple WebKit / Safari 10.0.2(12602.3.12.0.1) – ‘operationSpreadGeneric’ Universal Cross-Site Scripting：