============================================================================================================================ | # Title : Agora project 3.3.5 XSS File upload Vulnerability | | # Author : indoushka | | # Telegram : @indoushka | | # Tested on : windows 10 Fr V.(Pro) | | # Vendor : https://www.agora-project.net/?ctrl=offline&action=download | | # Dork : n/a | ============================================================================================================================ poc : [+] go to https://www.omnispace.fr/AP-OMNISPACE/index.php?ctrl=omnispace&action=recordCommand [+] Register a new user space and follow steps [+] login in your space or use mine space : https://www.omnispace.fr/indoushka/ user : indoushka4ever@gmail.com & pass :112233az [+] file manager https://www.omnispace.fr/indoushka/?ctrl=file [+] choose your file html or svg and upload it [+] here you can found your files https://www.omnispace.fr/indoushka/HEBERGEMENT/STOCK_FICHIERS/indoushka/modFile/ Greetz :---------------------------------------------------------------------------------------- | jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic | | ================================================================================================