Agora Project 3.3.5 Cross Site Scripting

Agora Project version 3.3.5 suffers from a cross site scripting vulnerability via file uploads.



============================================================================================================================
| # Title : Agora project 3.3.5 XSS File upload Vulnerability |
| # Author : indoushka |
| # Telegram : @indoushka |
| # Tested on : windows 10 Fr V.(Pro) |
| # Vendor : https://www.agora-project.net/?ctrl=offline&action=download |
| # Dork : n/a |
============================================================================================================================

PoC:


[+] Go to https://www.omnispace.fr/AP-OMNISPACE/index.php?ctrl=omnispace&action=recordCommand

[+] Register a new user space and follow the steps

[+] Log in to your space or use my space: https://www.omnispace.fr/indoushka/ user: [email protected] & pass: 112233az

[+] Open the file manager: https://www.omnispace.fr/indoushka/?ctrl=file

[+] Choose an HTML or SVG file and upload it

[+] Here you can find your files:

https://www.omnispace.fr/indoushka/HEBERGEMENT/STOCK_FICHIERS/indoushka/modFile/

Greetz :----------------------------------------------------------------------------------------
|
jericho * Larry W. Cashdollar * shadow0075 * djroot.dz *Gjoko 'LiquidWorm' Krstic |
|
================================================================================================
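
The steps above work because an uploaded HTML or SVG file is stored under the application's own origin and opened directly by URL. The following is an added example, not code from the advisory or from Agora Project: a Python check a defender could apply to stored uploads to flag browser-renderable files and choose response headers that force a download. The function names, extension list and header policy are assumptions for illustration.

```python
import mimetypes
import re

# Assumed policy: extensions a browser renders as an active document.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".svg", ".svgz", ".xml"}
# Markup a browser would parse as HTML/SVG, looked for near the start of the file.
ACTIVE_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|svg|script|iframe|body|object|embed)\b",
    re.IGNORECASE,
)


def is_active_content(filename: str, data: bytes) -> bool:
    """True when the upload could run script in the site's origin if shown inline."""
    name = filename.lower().rstrip(". ")  # "page.HTML." still counts as .html
    ext = name[name.rfind("."):] if "." in name else ""
    if ext in ACTIVE_EXTENSIONS:
        return True
    # The extension can lie, so also inspect the first kilobyte of content.
    return bool(ACTIVE_MARKERS.search(data[:1024]))


def download_headers(filename: str, data: bytes) -> dict:
    """Headers for serving a stored upload so HTML/SVG is downloaded, not rendered."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    headers = {
        "X-Content-Type-Options": "nosniff",  # no MIME sniffing by the browser
        "Content-Security-Policy": "default-src 'none'; sandbox",
    }
    if is_active_content(filename, data):
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
    else:
        guessed = mimetypes.guess_type(filename)[0]
        headers["Content-Type"] = guessed or "application/octet-stream"
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed sample uploads, not files from the advisory.
    samples = {
        "logo.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><script></script></svg>',
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "photo.jpg": b"<html><body>constructed sample</body></html>",
    }
    for name, body in samples.items():
        print(name, is_active_content(name, body), download_headers(name, body))
```

Serving uploads from a separate, cookieless hostname reduces the impact further, since a file that does render no longer runs in the application's origin.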
