DomainMOD versions 4.11.01 and below suffer from a cross site scripting vulnerability in ssl-provider-name.
443161783c25f17c28f2be48b93c707ae727e8621f6a955693c68bfe15ff19be# Exploit Title : DomainMOD 4.11.01 and before - 'ssl-provider-name'
Cross-Site Scripting
# Author [ Discovered By ] : Mohammed Abdul Raheem
# Company Name : TrekShield IT Solutions
# Date : 14-02-2019
# Vendor Homepage : https://domainmod.org/
# Software Information Link : https://github.com/DomainMod/DomainMod
# Software Affected Versions : DomainMOD v4.09.03 to v4.11.01
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : Cross Site Scripting - Stored Xss
# CVE : CVE-2018-20009
# Exploit-db : https://www.exploit-db.com/?author=9783
####################################################################
# Description about Software :
***************************
DomainMOD is an open source application used to manage domains and
other internet assets in a central location
####################################################################
# Impact :
***********
* This attack vector can be used by an attacker to perform
Account Hijacking
Stealing Credentials
Sensitive Data Exposure etc..
# Cross Site Scripting - Stored XSS Exploit :
*********************************************After logging into the
Domainmod application panel, browse to the
/assets/add/ssl-provider.php page and inject a javascript XSS payload
in ssl-provider-name, ssl-provider's-url "><img src=x
onerror=alert("Xss-By-Abdul-Raheem")>
# More Information Can be find here :
*************************************https://github.com/domainmod/domainmod/issues/88
###################################################################
# Discovered By Mohammed Abdul Raheem from TrekShield.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed