Agora project 3.3.5 XSS File upload Vulnerability

2018.01.20

indoushka (DZ)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

============================================================================================================================
| # Title : Agora project 3.3.5 XSS File upload Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Fr V.(Pro) |
| # Vendor : https://www.agora-project.net/?ctrl=offline&action=download |
| # Dork : n/a |
============================================================================================================================
poc :
[+] go to https://www.omnispace.fr/AP-OMNISPACE/index.php?ctrl=omnispace&action=recordCommand
[+] Register a new user space and follow steps
[+] login in your space or use mine space : https://www.omnispace.fr/indoushka/ user : indoushka4ever@gmail.com & pass :112233az
[+] file manager https://www.omnispace.fr/indoushka/?ctrl=file
[+] choose your file html or svg and upload it
[+] here you can found your files
https://www.omnispace.fr/indoushka/HEBERGEMENT/STOCK_FICHIERS/indoushka/modFile/
Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Agora project 3.3.5 XSS File upload Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.