Search for hundreds of thousands of exploits

"CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting"

Author

Exploit author

DKM

Platform

Exploit platform

linux

Release date

Exploit published date

2019-05-01

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
# Exploit Title: CentOS Web Panel - Domain Field (Add DNS Zone) Cross-Site Scripting Vulnerability
# Google Dork: N/A
# Date: 22 - April - 2019
# Exploit Author: DKM
# Vendor Homepage: http://centos-webpanel.com
# Software Link: http://centos-webpanel.com
# Version: v0.9.8.793 (Free), v0.9.8.753 (Pro) and 0.9.8.807 (Pro)
# Tested on: CentOS 7
# CVE : CVE-2019-11429

# Description:
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.

# Steps to Reproduce:
1. Login into the CentOS Web Panel using admin credential.
2. From Navigation Click on "DNS Functions" > "Add DNS Zone"
3. In "Domain" field give simple payload as: "<script>alert(1)</script>//" , fill other details like IP and Admin Email and Click "Add DNS zone"
4. Now one can see that the XSS Payload executed.
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46784/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.