# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities# Date: 08-10-2014# Exploit Author: Halil Dalabasmaz# Version: v1.0.1# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/# Vulnerabilities Description:===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload anyfileor shell filefrom"Profile Image" section.
Solution
Filter the files aganist to attacks.======Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.
Sample Payload for XSS: "><script>alert(document.cookie);</script>
Solution
Filter the files aganist to attacks.
