DB: 2024-08-24

4 changes to exploits/shellcodes/ghdb

Calibre-web 0.6.21 - Stored XSS

Helpdeskz v2.0.2 - Stored XSS

Author: Exploit-DB

exploits/multiple/webapps/52067.txt

@@ -0,0 +1,21 @@
+# Exploit Title: Stored XSS in Calibre-web
+# Date: 07/05/2024
+# Exploit Authors: Pentest-Tools.com (Catalin Iovita & Alexandru Postolache)
+# Vendor Homepage: (https://github.com/janeczku/calibre-web/)
+# Version: 0.6.21 - Romesa
+# Tested on: Linux 5.15.0-107, Python 3.10.12, lxml	4.9.4
+# CVE: CVE-2024-39123
+
+## Vulnerability Description
+Calibre-web 0.6.21 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
+
+## Steps to Reproduce
+1. Log in to the application.
+2. Upload a new book.
+3. Access the Books List functionality from the `/table?data=list&sort_param=stored` endpoint.
+4. In the `Comments` field, input the following payload:
+
+    <a href=javas%1Bcript:alert()>Hello there!</a>
+
+4. Save the changes.
+5. Upon clicking the description on the book that was created, in the Book Details, the payload was successfully injected in the Description field. By clicking on the message, an alert box will appear, indicating the execution of the injected script.

exploits/php/webapps/52068.txt

@@ -0,0 +1,29 @@
+# Exploit Title: Stored XSS Vulnerability via File Name
+# Google Dork: N/A
+# Date: 08 Aug 2024
+# Exploit Author: Md. Sadikul Islam
+# Vendor Homepage: https://www.helpdeskz.com/
+# Software Link:
+https://github.com/helpdesk-z/helpdeskz-dev/archive/2.0.2.zip
+# Version: v2.0.2
+# Tested on: Kali Linux /  Firefox 115.1.0esr (64-bit)
+# CVE : N/A
+
+Payload: "><img src=x onerror=alert(1);>
+Filename can be Payload: "><img src=x onerror=alert(1);>.jpg
+
+VIdeo PoC:
+https://drive.google.com/file/d/1_yh0UsX8h7YcSU1kFvg_bBwk9T7kx1K1/view?usp=drive_link
+
+Steps to Reproduce:
+    1. Log in as a regular user and create a new ticket.
+    2. Fill out all the required fields with the necessary information.
+    3. Attach an image file with a malicious payload embedded in the
+filename.
+    4. Submit the ticket.
+    5. Access the ticket from the administration panel to trigger the
+payload execution.
+
+Cross-Site Scripting (XSS) exploits can compromise the administration
+panel, directly affecting administrators by allowing malicious scripts to
+execute within their privileged environment.

files_exploits.csv

@@ -11754,6 +11754,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 48791,exploits/multiple/webapps/48791.txt,"Cabot 0.11.12 - Persistent Cross-Site Scripting",2020-09-07,"Abhiram V",webapps,multiple,,2020-09-07,2020-09-07,0,,,,,,
 48144,exploits/multiple/webapps/48144.py,"Cacti 1.2.8 - Authenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/4877c2b2f378ce5937f56b259b69b02840514d4c/Cacti-postauth-rce.py
 48145,exploits/multiple/webapps/48145.py,"Cacti 1.2.8 - Unauthenticated Remote Code Execution",2020-02-03,Askar,webapps,multiple,,2020-02-27,2020-02-27,0,CVE-2020-8813,,,,,https://github.com/mhaskar/CVE-2020-8813/blob/dfb48378f39249ff54ecf24ccd3b89db26971ccf/Cacti-preauth-rce.py
+52067,exploits/multiple/webapps/52067.txt,"Calibre-web 0.6.21 - Stored XSS",2024-08-23,"Catalin Iovita_ Alexandru Postolache",webapps,multiple,,2024-08-23,2024-08-23,0,,,,,,
 18430,exploits/multiple/webapps/18430.txt,"Campaign Enterprise 11.0.421 - SQL Injection",2012-01-30,"Craig Freyman",webapps,multiple,,2012-01-30,2012-01-30,0,OSVDB-78888,,,,,
 18247,exploits/multiple/webapps/18247.txt,"Capexweb 1.1 - SQL Injection",2011-12-16,"D1rt3 Dud3",webapps,multiple,,2011-12-16,2011-12-16,1,OSVDB-77998;CVE-2011-5031,,,,,
 50792,exploits/multiple/webapps/50792.go,"Casdoor 1.13.0 - SQL Injection (Unauthenticated)",2022-02-28,"Mayank Deshmukh",webapps,multiple,,2022-02-28,2022-02-28,0,CVE-2022-24124,,,,,
@@ -19615,6 +19616,7 @@ id,file,description,date_published,author,type,platform,port,date_added,date_upd
 10788,exploits/php/webapps/10788.txt,"Helpdesk Pilot Knowledge Base 4.4.0 - SQL Injection",2009-12-29,kaMtiEz,webapps,php,,2009-12-28,,1,,,,,,
 40300,exploits/php/webapps/40300.py,"HelpDeskZ 1.0.2 - Arbitrary File Upload",2016-08-29,"Lars Morgenroth",webapps,php,80,2016-08-29,2020-05-26,0,,,,,http://www.exploit-db.comHelpDeskZ-1.0-master.zip,
 41200,exploits/php/webapps/41200.py,"HelpDeskZ < 1.0.2 - (Authenticated) SQL Injection / Unauthorized File Download",2017-01-30,"Mariusz Poplawski",webapps,php,,2017-01-30,2017-01-31,1,,,,http://www.exploit-db.com/screenshots/idlt41500/screen-shot-2017-01-30-at-222713.png,http://www.exploit-db.comHelpDeskZ-1.0-master.zip,
+52068,exploits/php/webapps/52068.txt,"Helpdeskz v2.0.2 - Stored XSS",2024-08-23,"Md. Sadikul Islam",webapps,php,,2024-08-23,2024-08-23,0,,,,,,
 45847,exploits/php/webapps/45847.txt,"Helpdezk 1.1.1 - 'query' SQL Injection",2018-11-14,"Ihsan Sencan",webapps,php,80,2018-11-14,2018-11-14,0,,"SQL Injection (SQLi)",,,http://www.exploit-db.comhelpdezk-1.1.1.zip,
 45882,exploits/php/webapps/45882.txt,"Helpdezk 1.1.1 - Arbitrary File Upload",2018-11-16,"Ihsan Sencan",webapps,php,80,2018-11-16,2018-11-20,0,,,,,,
 41824,exploits/php/webapps/41824.txt,"HelpDEZK 1.1.1 - Cross-Site Request Forgery / Code Execution",2017-04-05,rungga_reksya,webapps,php,,2017-04-06,2017-04-06,0,CVE-2017-7447;CVE-2017-7446,,,,http://www.exploit-db.comhelpdezk-1.1.1.zip,

ghdb.xml

@@ -60756,6 +60756,18 @@ Sajan Dhakate
   <date>2020-10-19</date>
   <author>Sajan Dhakate</author>
  </entry>
+ <entry>
+  <id>8452</id>
+  <link>https://www.exploit-db.com/ghdb/8452</link>
+  <category>Files Containing Passwords</category>
+  <shortDescription>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</shortDescription>
+  <textualDescription>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</textualDescription>
+  <query>ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</query>
+  <querystring>https://www.google.com/search?q=ext:nix &quot;BEGIN OPENSSH PRIVATE KEY&quot;</querystring>
+  <edb></edb>
+  <date>2024-08-23</date>
+  <author>kstrawn0</author>
+ </entry>
  <entry>
   <id>1239</id>
   <link>https://www.exploit-db.com/ghdb/1239</link>
@@ -65035,6 +65047,18 @@ See also: http://www.elladodelmal.com/2017/02/cloudshark-tus-credenciales-en-las
   <date>2021-11-15</date>
   <author>Anirudh Kumar Kushwaha</author>
  </entry>
+ <entry>
+  <id>8451</id>
+  <link>https://www.exploit-db.com/ghdb/8451</link>
+  <category>Files Containing Passwords</category>
+  <shortDescription>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</shortDescription>
+  <textualDescription>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</textualDescription>
+  <query>site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</query>
+  <querystring>https://www.google.com/search?q=site:github.com &quot;BEGIN OPENSSH PRIVATE KEY&quot;</querystring>
+  <edb></edb>
+  <date>2024-08-23</date>
+  <author>kstrawn0</author>
+ </entry>
  <entry>
   <id>4299</id>
   <link>https://www.exploit-db.com/ghdb/4299</link>