0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Open-AudIT Community 2.2.6 - Cross-Site Scripting Vulnerability
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting # Exploit Author: Ranjeet Jaiswal # Vendor Homepage: https://opmantek.com/ # Software Link:https://opmantek.com/network-tools-download/open-audit/ # Affected Version: 2.2.6 # Category: WebApps # Tested on: Windows 10 # CVE : CVE-2018-14493 # 1. Vendor Description: # Network Discovery and Inventory Software | Open-AudIT | Opmantek # Discover what's on your network # Open-AudIT is the world's leading network discovery, inventory and audit # program. Used by over 10,000 customers. # 2. Technical Description: # Cross-site scripting (XSS) vulnerability on Groups Page in Open-AudIT # Community edition in 2.2.6 allows remote attackers to inject arbitrary web # script or HTML in group name,as demonstrated in below POC. # 3. Proof Of Concept: # 3.1. Proof of Concept for Injecting html contain # Step to reproduce. # Step1:Login in to Open-Audit # Step2:Go to Group page # Step3:Select any group which are listed # Step4:click on "Details tab". # Step5:In the Name field put the following payload and saveit. <p>Sorry! We have moved! The new URL is: <a href="http://geektyper.com/ ">Open-Audit</a></p> # Step6:Click on "View Tab" in which payload is put. # Step7:When user Click on View Tab.User will see redirection hyperlink. # Step8:When user click on link ,User will be redirected to Attacker or # malicious website. # 3.2. Proof of Concept for Injecting web script(Cross-site scripting) # #Step to reproduce. # Step1:Login in to Open-Audit # Step2:Go to Groups page # Step3:Select any group which are listed # Step4:click on "Details tab" in which payload is put. # Step5:In the Name field put the following payload and Saveit. <script>alert(hack)</script> # Step6:Click on "View Tab" of group in which payoad is put. # Step7:When user Click on View Tab an Alert Popup will execute. # 0day.today [2024-11-15] #