Exploit / Vulnerability Discovered: 2018-10-06
Type: webapps
Platform: php
This exploit / vulnerability (Chamilo LMS 1.11.8 'firstname' cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
# Author: Cakes
# Discovery Date: 2018-10-06
# Vendor Homepage: https://chamilo.org
# Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip
# Tested Version: 1.11.8 for php5
# Tested on OS: Kali Linux
# CVE: N/A
# Description:
# Improper input validation on the Firstname and Lastname fields allows attackers to add a persistent
# cross-site scripting attack when registering as a new user.
# Simply intercept a new registration request and add in the XSS in the firstname / lastname fields.
# I'm sure there are more exploit vectors on this software. No time to check, had to move along.
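
The description above attributes the issue to missing input validation on the firstname / lastname registration fields. The following is an added example, not code from Chamilo or from the advisory author, showing a server-side check for those fields together with HTML encoding at output. The function names `validate_person_name` and `html_text` are hypothetical, the sample names are constructed, and the code assumes PHP 7.1+ with the mbstring extension.

```php
<?php
// Added illustration; function names are hypothetical, not Chamilo's API.

/**
 * Server-side check for a submitted first or last name. It runs on the
 * server because a client-side check is skipped when the registration
 * request is edited in transit.
 */
function validate_person_name(string $raw, int $maxLen = 64): ?string
{
    $name = trim($raw);
    if ($name === '' || !mb_check_encoding($name, 'UTF-8')) {
        return null;
    }
    if (mb_strlen($name, 'UTF-8') > $maxLen) {
        return null;
    }
    // Letters and combining marks in any script, plus space, apostrophe, period, hyphen.
    if (preg_match("/^[\\p{L}\\p{M}][\\p{L}\\p{M} '.\\-]*$/u", $name) !== 1) {
        return null;
    }
    return $name;
}

/** HTML-encode a stored value at the point where it is written into a page. */
function html_text(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions: two ordinary names and one carrying markup.
$samples = ["Ana María", "O'Brien-Smith", "<b>Ana</b>"];

foreach ($samples as $submitted) {
    $clean = validate_person_name($submitted);
    if ($clean === null) {
        // Rejected at registration; nothing is stored.
        printf("rejected: %s\n", html_text($submitted));
        continue;
    }
    // Accepted values are still encoded on output, which also covers rows
    // stored before the check existed.
    printf("<td>%s</td>\n", html_text($clean));
}
```

Encoding at output is the control that matters for names already in the database; the registration check only limits what new accounts can store.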