DomainMOD 4.11.01 – ‘assets/edit/host.php?whid=5’ Cross-Site Scripting

• Exploit Database
• 113 阅读

• 作者： Mohammed Abdul Kareem
  日期： 2019-02-14
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/46376/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  # Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting # Date: 2018-11-22 # Exploit Author: Mohammed Abdul Kareem # Vendor Homepage: domainmod (https://domainmod.org/) # Software Link: domainmod (https://github.com/DomainMod/DomainMod) # Version: v4.09.03 to v4.11.01 # CVE : CVE-2018-19915 # A Stored Cross-site scripting (XSS) was discovered in DomainMod application # versions from v4.09.03 to v4.11.01 # After logging into the Domainmod application panel, browse to the /assets/edit/host.php?whid=5 page and inject a javascript XSS payload in "Web Host Name" & "Web Host&apos;s url fields "><img src=x onerror=alert("XSSed-By-Abdul-Kareem")>   #POC : attached here https://github.com/domainmod/domainmod/issues/87