Search for hundreds of thousands of exploits

"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting"

Author

Exploit author

"William Summerhill"

Platform

Exploit platform

multiple

Release date

Exploit published date

2020-06-24

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
# Exploit title: BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting
# Exploit Author: William Summerhill
# Date: 2020-06-22
# Vendor homepage: https://www.globalradar.com/
# Tested on: Window
# CVE-2020-14943

# Description: The "Firstname" and "Lastname" parameters in Global RADAR BSA Radar 1.6.7234.X 
# are vulnerable to a stored Cross-Site Scripting (XSS) via the Update User Profile feature 
# (in the top-right of the application).

# Proof of Concept:

Using the "update user profile" feature in the top-right of the application while logged in, 
a malicious user can inject malicious, unencoded scripts, such as "<script>alert(1)</script>", 
into the Firstname and Lastname parameters of a user account. This stored XSS will execute on 
nearly every application page as these parameters are always present while logged in. This attack 
can be further leveraged by utilizing an existing authorization bypass exploit (CVE-2020-14944) 
to inject stored XSS payloads into these parameters for arbitrary existing user accounts.

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14943
Release DateTitleTypePlatformAuthor
2020-09-11"Tea LaTex 1.0 - Remote Code Execution (Unauthenticated)"webappsmultiplenepska
2020-09-11"VTENEXT 19 CE - Remote Code Execution"webappsmultiple"Marco Ruela"
2020-09-07"Cabot 0.11.12 - Persistent Cross-Site Scripting"webappsmultiple"Abhiram V"
2020-08-28"Nagios Log Server 2.1.6 - Persistent Cross-Site Scripting"webappsmultiple"Jinson Varghese Behanan"
2020-08-27"Mida eFramework 2.9.0 - Remote Code Execution"webappsmultipleelbae
2020-08-26"Ericom Access Server x64 9.2.0 - Server-Side Request Forgery"webappsmultiplehyp3rlinx
2020-08-26"Eibiz i-Media Server Digital Signage 3.8.0 - Directory Traversal"webappsmultipleLiquidWorm
2020-07-26"Socket.io-file 2.0.31 - Arbitrary File Upload"webappsmultipleCr0wTom
2020-07-26"Bio Star 2.8.2 - Local File Inclusion"webappsmultiple"SITE Team"
2020-07-26"Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication)"webappsmultiplebdrake
Release DateTitleTypePlatformAuthor
2020-07-14"BSA Radar 1.6.7234.24750 - Local File Inclusion"webappsmultiple"William Summerhill"
2020-07-08"BSA Radar 1.6.7234.24750 - Cross-Site Request Forgery (Change Password)"webappshardware"William Summerhill"
2020-07-07"BSA Radar 1.6.7234.24750 - Authenticated Privilege Escalation"webappsmultiple"William Summerhill"
2020-06-24"BSA Radar 1.6.7234.24750 - Persistent Cross-Site Scripting"webappsmultiple"William Summerhill"
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/48619/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.