====================================================================================================================================
| # Title : ERPNext 11.x.x XSS via file upload Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Français V.(Pro) |
| # Vendor : https://erpnext.com/ |
| # Dork : "Powered by ERPNext" |
====================================================================================================================================
PoC :
[+] Search Google or another search engine using the dork.
[+] Choose a website and sign up.
[+] Go to update profile : https://www.empowery.com/update-profile?name=
[+] Choose your Ev!l file, upload it, then go to : /files/yours
http://www.solufy.in/files/index.svg
http://www.solufy.in/files/php
https://www.empowery.com/files/info.txt
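
Mitigation sketch for the upload step above, added here as an example and not part of the original advisory or of ERPNext/Frappe code: a server-side check that rejects SVG uploads carrying active content, plus response headers for the upload directory. The function name, header set and sample inputs are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from any real site).
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="4" height="4"/></svg>'
ACTIVE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" onload="f()">'
              b'<script>/* constructed */</script></svg>')

# Elements that run or embed active content when a browser opens the SVG directly.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
BAD_SCHEMES = ("javascript:", "data:text/html", "data:image/svg+xml")

# Assumed response headers for anything served from a user-upload directory.
UPLOAD_HEADERS = {
    "Content-Disposition": "attachment",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "sandbox; default-src 'none'",
}

def _local(name):
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_active_content(data):
    """Return the reasons an uploaded SVG must not be served inline ([] if none)."""
    # Refuse DTDs outright: an uploaded image needs none, and it avoids entity tricks.
    if re.search(rb"<!\s*(DOCTYPE|ENTITY)", data, re.I):
        return ["DTD/entity declaration"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return ["not well-formed XML"]
    reasons = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            reasons.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            attr = _local(name)
            # Browsers ignore whitespace/control characters inside a URL scheme.
            url = re.sub(r"[\x00-\x20]+", "", value).lower()
            if attr.startswith("on"):
                reasons.append(f"event handler {attr} on <{tag}>")
            elif attr in ("href", "src") and url.startswith(BAD_SCHEMES):
                reasons.append(f"active URL in {attr} on <{tag}>")
    return reasons
```

An upload handler would reject the file when the returned list is non-empty, and the web server would attach UPLOAD_HEADERS to every response under /files/ so that files missed by the check still do not render in the site's origin.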
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
|
=======================================================================================================================================