Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022050062

Below is a copy:

Showdoc 2.10.3 Stored Cross-Site Scripting (XSS)
# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967

Description: Stored XSS via uploading file in .ofd format

1. Create a file with .ofd extension and add XSS Payload inside the file

filename = "payload.ofd"
payload = "<script>alert(1)</script>"

2. Login to showdoc v2.10.2 and go to file library

Endpoint = "https://www.site.com/attachment/index"

3. Upload the payload on file library and click on the check button
4. The XSS payload will executed once we visited the URL

Copyright ©2022 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.