Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormRanjeet JaiswalPACKETSTORM:148837
HistoryAug 06, 2018 - 12:00 a.m.

Open-AudIT Community 2.2.6 Cross Site Scripting

2018-08-0600:00:00
Ranjeet Jaiswal
packetstormsecurity.com
15

EPSS

0.893

Percentile

98.8%

JSON
`# Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting  
# Google Dork:NA  
# Exploit Date: 2018-08-01  
# Exploit Author: Ranjeet Jaiswal  
# Vendor Homepage: https://opmantek.com/  
# Software Link:https://opmantek.com/network-tools-download/open-audit/  
# Affected Version: 2.2.6  
# Category: WebApps  
# Tested on: Windows 10  
# CVE : CVE-2018-14493  
  
# 1. Vendor Description:  
# Network Discovery and Inventory Software | Open-AudIT | Opmantek  
# Discover what's on your network  
# Open-AudIT is the world's leading network discovery, inventory and audit  
# program. Used by over 10,000 customers.  
  
# 2. Technical Description:  
# Cross-site scripting (XSS) vulnerability on Groups Page in Open-AudIT  
# Community edition in 2.2.6 allows remote attackers to inject arbitrary web  
# script or HTML in group name,as demonstrated in below POC.  
  
# 3. Proof Of Concept:  
# 3.1. Proof of Concept for Injecting html contain  
# Step to reproduce.  
# Step1:Login in to Open-Audit  
# Step2:Go to Group page  
# Step3:Select any group which are listed  
# Step4:click on "Details tab".  
# Step5:In the Name field put the following payload and saveit.  
  
<p>Sorry! We have moved! The new URL is: <a href="http://geektyper.com/  
">Open-Audit</a></p>  
  
# Step6:Click on "View Tab" in which payload is put.  
# Step7:When user Click on View Tab.User will see redirection hyperlink.  
# Step8:When user click on link ,User will be redirected to Attacker or  
# malicious website.  
  
# 3.2. Proof of Concept for Injecting web script(Cross-site scripting)  
  
# #Step to reproduce.  
# Step1:Login in to Open-Audit  
# Step2:Go to Groups page  
# Step3:Select any group which are listed  
# Step4:click on "Details tab" in which payload is put.  
# Step5:In the Name field put the following payload and Saveit.  
  
<script>alert(hack)</script>  
  
# Step6:Click on "View Tab" of group in which payoad is put.  
# Step7:When user Click on View Tab an Alert Popup will execute.  
  
`

Related

zdt 1
osv 1
prion 1
cvelist 1
exploitdb 1
exploitpack 1
openvas 1
cve 1
nvd 1
zdt
zdt
Open-AudIT Community 2.2.6 - Cross-Site Scripting Vulnerability
2018-08-07 00:00:00
osv
osv
CVE-2018-14493
2018-07-25 23:29:00
prion
prion
Cross site scripting
2018-07-25 23:29:00
cvelist
cvelist
CVE-2018-14493
2018-07-25 23:00:00
exploitdb
exploitdb
Open-AudIT Community 2.2.6 - Cross-Site Scripting
2018-08-06 00:00:00
exploitpack
exploitpack
Open-AudIT Community 2.2.6 - Cross-Site Scripting
2018-08-06 00:00:00
openvas
openvas
Open-AudIT Community 'Groups Page' Cross Site Scripting Vulnerability
2018-07-27 00:00:00
cve
cve
CVE-2018-14493
2018-07-25 23:29:00
nvd
nvd
CVE-2018-14493
2018-07-25 23:29:00

EPSS

0.893

Percentile

98.8%

JSON
Related for PACKETSTORM:148837
zdt1osv1prion1cvelist1exploitdb1exploitpack1openvas1cve1nvd1