Menu

Improved exploit search engine. Try it out

"Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting"

Author

"Ishaq Mohammed"

Platform

java

Release date

2019-01-28

Release Date Title Type Platform Author
2019-04-08 "ManageEngine ServiceDesk Plus 9.3 - User Enumeration" webapps java "Alexander Bluestein"
2019-03-19 "Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming RCE (Metasploit)" remote java Metasploit
2016-12-20 "Java Debug Wire Protocol (JDWP) - Remote Code Execution" remote java IOactive
2019-02-25 "Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution" webapps java wetw0rk
2019-02-19 "Jenkins - Remote Code Execution" webapps java orange
2019-02-18 "Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process" dos java "Google Security Research"
2019-02-18 "Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass" dos java "Google Security Research"
2019-02-18 "Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions" dos java "Google Security Research"
2019-02-18 "Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour" dos java "Google Security Research"
2019-02-05 "OpenMRS Platform < 2.24.0 - Insecure Object Deserialization" webapps java "Bishop Fox"
2019-01-28 "Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting" webapps java "Ishaq Mohammed"
2018-11-30 "Apache Spark - Unauthenticated Command Execution (Metasploit)" remote java Metasploit
2018-11-14 "Atlassian Jira - Authenticated Upload Code Execution (Metasploit)" remote java Metasploit
2018-10-24 "Apache OFBiz 16.11.04 - XML External Entity Injection" webapps java "Jamie Parfet"
2018-10-22 "Oracle Siebel CRM 8.1.1 - CSV Injection" webapps java "Sarath Nair"
2018-10-01 "ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting" webapps java "Ismail Tasdelen"
2018-10-01 "H2 Database 1.4.196 - Remote Code Execution" webapps java h4ckNinja
2018-09-27 "ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting" webapps java "Ismail Tasdelen"
2018-08-06 "Wavemaker Studio 6.6 - Server-Side Request Forgery" webapps java "Gionathan Reale"
2018-08-06 "LAMS < 3.1 - Cross-Site Scripting" webapps java "Nikola Kojic"
2018-07-16 "Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection" webapps java alt3kx
2018-07-04 "ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution" webapps java "Kacper Szurek"
2018-06-20 "MaDDash 2.0.2 - Directory Listing" webapps java ManhNho
2018-06-26 "Liferay Portal < 7.0.4 - Server-Side Request Forgery" webapps java "Mehmet Ince"
2018-06-04 "SearchBlox 8.6.7 - XML External Entity Injection" webapps java "Ahmet Gurel"
2018-05-30 "SearchBlox 8.6.6 - Cross-Site Request Forgery" webapps java "Ahmet Gurel"
2018-05-22 "ERPnext 11 - Cross-Site Scripting" webapps java "Veerababu Penugonda"
2018-05-21 "ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting" webapps java "Ahmet Gurel"
2018-05-21 "GitBucket 4.23.1 - Remote Code Execution" webapps java "Kacper Szurek"
2018-05-16 "RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting" webapps java "SEC Consult"
Release Date Title Type Platform Author
2019-01-28 "Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting" webapps java "Ishaq Mohammed"
2017-12-18 "Monstra CMS 3.0.4 - (Authenticated) Arbitrary File Upload / Remote Code Execution" webapps php "Ishaq Mohammed"
2017-11-13 "Kirby CMS < 2.5.7 - Cross-Site Scripting" webapps php "Ishaq Mohammed"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - Cross-Site Scripting" webapps nodejs "Ishaq Mohammed"
2017-10-25 "KeystoneJS 4.0.0-beta.5 - CSV Excel Macro Injection" webapps nodejs "Ishaq Mohammed"
2017-10-13 "phpMyFAQ 2.9.8 - Cross-Site Scripting (2)" webapps php "Ishaq Mohammed"
2017-10-12 "OctoberCMS 1.0.425 (Build 425) - Cross-Site Scripting" webapps php "Ishaq Mohammed"
2017-09-21 "PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)" webapps php "Ishaq Mohammed"
2017-12-26 "SilverStripe CMS 3.6.2 - CSV Excel Macro Injection" webapps php "Ishaq Mohammed"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46251/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46251/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46251/40736/rundeck-community-edition-3013-persistent-cross-site-scripting/download/", "exploit_id": "46251", "exploit_description": "\"Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting\"", "exploit_date": "2019-01-28", "exploit_author": "\"Ishaq Mohammed\"", "exploit_type": "webapps", "exploit_platform": "java", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Exploit Title:  Rundeck Community Edition before 3.0.13 Multiple Stored
XSS
# Vendor Homepage: https://www.rundeck.com/open-source
# Software Link: https://docs.rundeck.com/downloads.html
# Exploit Author: Ishaq Mohammed
# Contact: https://twitter.com/security_prince
# Website: https://about.me/security-prince
# Category: webapps
# Platform: Java
# CVE: CVE-2019-6804

1. Description:
Cross-Site Scripting issues affecting multiple fields in the workflow
module under job edit form by injecting javascript code in the Arguments,
Invocation String, and File Extension field, the input from these fields
are rendered in the Execution Preview which is the sink of this
vulnerability.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6804

2. Proof of Concept:
Vulnerable Endpoints / Systems
http://{Rundeck_hostname}/project/{Jobname}/job/edit/{Job_ID}
Steps to Reproduce:
Login to Rundeck Server with valid credentials.
1. Navigate to any project in the instance.
2. Navigate to the jobs module
3. Select a job
4. From the right hand side drop down menu, select edit this job
5. Navigate to Workflow module
6. Scroll down to arguments field
7. Enter the following payload: <img/src="x"onerror=alert(19)
8. The same payload can be entered in the Advanced mode in the same module
in two other fields "Invokation String" and "File Extension"
9. Observe the payload getting executed in the "Execution Preview"

3. Solution:
The issue is now patched by the vendor in version 3.0.13
https://docs.rundeck.com/docs/history/version-3.0.13.html
https://github.com/rundeck/rundeck/issues/4406

-- 
Best Regards,
Ishaq Mohammed
https://about.me/security-prince