# Exploit Title: CKEditor 3 - Server-Side Request Forgery (SSRF) # Google Dorks : inurl /editor/filemanager/connectors/uploadtest.html # Date: 12-6-2021 # Exploit Author: Blackangel # Software Link: https://ckeditor.com/ # Version:all version under 4 (1,2,3) # Tested on: windows 7 Steps of Exploit:- 1-using google dorks inurl /editor/filemanager/connectors/uploadtest.html 2-after going to vulnerable page you will find filed “Custom Uploader URL: ” 3-right click then choose inspect element, click on pick an element from the page , select field Custom Uploader URL: 4-in elements “<input id=”txtCustomUrl” style=”WIDTH: 100%; BACKGROUND-COLOR: #dcdcdc” disabled=”” type=”text”>” delete disabled=”” 5-now you can put url start with any protocal 6-send it to the server as you see website that you have entered link is appear into page . what this mean??!!1 you send request to server using vulnerable website you can said i used it as proxy hackers ...
Entradas más populares de este blog
# Exploit Title: Cotonti Siena 0.9.19 - 'maintitle' Stored Cross-Site Scripting # Date: 2021-15-06 # Exploit Author: Fatih İLGİN # Vendor Homepage: cotonti.com # Vulnerable Software: https://www.cotonti.com/download/siena_0919 # Affected Version: 0.9.19 # Tested on: Windows 10 # Vulnerable Parameter Type: POST # Vulnerable Parameter: maintitle # Attack Pattern: "><img src=1 href=1 onerror="javascript:alert(1)"></img> # Description 1) Entering the Admin Panel (vulnerableapplication.com/cotonti/admin.php) 2) Then go to Configuration tab and set payload ("><img src=1 href=1 onerror="javascript:alert(1)"></img>) for Site title param 3) Then click Update button 4) In the end, Go to home page then shown triggered vulnerability # Proof of Concepts Request; POST /cotonti/admin.php?m=config&n=edit&o=core&p=title&a=update HTTP/1.1 Host: vulnerableapplication.com User-Agent: Mozilla/5.0 ...
windows usuario
<?xml version="1.0" encoding="utf-8"?> <unattend xmlns="urn:schemas-microsoft-com:unattend"> <settings pass="oobeSystem"> <component name="Microsoft-Windows-Deployment" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <Reseal> <Mode>OOBE</Mode> </Reseal> </component> <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <OOBE> <HideO...
Comentarios
Publicar un comentario