CentOS Web Panel 0.9.8.763 Persistent Cross-Site Scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered: 2019-02-11 | Type: webapps | Platform: linux
This exploit / vulnerability (CentOS Web Panel 0.9.8.763 persistent cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Description:
A stored cross-site scripting (XSS) vulnerability exists in the "Package Name" field of the 'Add a Package (add_package)' module. The application does not properly sanitize user input, so script entered in this field is stored and then executed when the package list is displayed.
# Steps to Reproduce:
1. Log in to the CentOS Web Panel using admin credentials.
2. From the navigation, click on "Packages" -> then click on "Add a Package".
3. In the "Package Name" field, give the payload as: <script>alert(1)</script>, provide the other details and click on "Create".
4. Again from the navigation, click on "Packages" -> then click on "List Packages".
5. The XSS payload now executes.
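
The remedy for this class of bug is to HTML-encode the package name when the "List Packages" view renders it, with an allowlist check on creation as a second layer. The PHP below is an added example, not CentOS Web Panel code and not part of the original advisory; the function names and the naming policy are assumptions, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; not CentOS Web Panel source code.

/** Allowlist check at "Add a Package" time (the policy itself is an assumption). */
function isValidPackageName(string $name): bool
{
    // Letters, digits, space, dot, underscore, hyphen; 1 to 64 characters.
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,63}\z/', $name) === 1;
}

/** Vulnerable pattern: the stored value is concatenated into HTML as-is. */
function renderRowVulnerable(string $name): string
{
    return '<tr><td>' . $name . '</td></tr>';
}

/** Hardened pattern: HTML-encode the stored value at output time. */
function renderRowHardened(string $name): string
{
    $safe = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<tr><td>' . $safe . '</td></tr>';
}

// Constructed sample data: one ordinary name and the payload from step 3.
$stored = ['basic-plan', '<script>alert(1)</script>'];

foreach ($stored as $name) {
    printf("name:       %s\n", $name);
    printf("valid:      %s\n", isValidPackageName($name) ? 'yes' : 'no (reject on create)');
    printf("vulnerable: %s\n", renderRowVulnerable($name));
    printf("hardened:   %s\n\n", renderRowHardened($name));
}
```

Output encoding is the control that closes the hole, because it also neutralizes values already stored before any input check was introduced.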