Exploits / Vulnerability Discovered : 2019-01-24 |
Type : webapps |
Platform : cgi
This exploit / vulnerability Sirsidynix elibrary 3.5.x crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
# Exploit Title: SirsiDynix e-Library <= 3.5.x - Cross-Site Scripting
# CVE: CVE-2018-20503
# Date: 2019-24-01
# Google Dork: inurl:/x/x/0/49
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: http://www.sirsidynix.com
# Version: 3.5.x
# Category: Webapps
# Tested on: Firefox/52 and Chrome/69
# Software Description : As SirsiDynix Symphony’s core discovery portal,
e-Library gives
# Symphony users the basic tools they need to find the resources they seek.
# e-Library offers users speedy and relevant search results as well as a
user-friendly interface to make discovery simple
# Description : Exploiting these issues could allow an attacker to steal
cookie-based authentication credentials,
# compromise the application, access or modify data, or exploit latent
vulnerabilities in the underlying database.
# SirsiDynix e-Library 3.5.x is vulnerable; prior versions may also be
affected.
# ==================================================================