I Am Become Death; Destoyer of Worlds
Posts: 42
Threads: 11
Joined: Oct 2023
Dec 22, 2023, 06:36 PM
(This post was last modified: Dec 22, 2023, 06:48 PM by Farfallaiero.)
A stored cross-site scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.
https://github.com/ahrixia/CVE-2023-50072
Quick shodan search and test on the vuln version i found seems legit - exploit says you got to be authenticated actor though which it didnt seem to be an issue with my test
![[Image: IcoXNAG.png]](https://i.imgur.com/IcoXNAG.png)
Posts: 552
Threads: 3
Joined: Jul 2023
don't no why someone have to pay 8 credit when it's all for free This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Sale of public leaks + attempted scam and manipulation. Shame. | https://breachforums.rs/Forum-Ban-Appeals if you feel this is incorrect.
I Am Become Death; Destoyer of Worlds
Posts: 42
Threads: 11
Joined: Oct 2023
(Dec 22, 2023, 06:39 PM)MI6ixy Wrote: don't no why someone have to pay 8 credit when it's all for free
wait this is behind a paywall?
Posts: 552
Threads: 3
Joined: Jul 2023
(Dec 22, 2023, 06:48 PM)Farfalla Wrote: (Dec 22, 2023, 06:39 PM)MI6ixy Wrote: don't no why someone have to pay 8 credit when it's all for free
wait this is behind a paywall?
Thanks for fixing it fart man  This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Sale of public leaks + attempted scam and manipulation. Shame. | https://breachforums.rs/Forum-Ban-Appeals if you feel this is incorrect.
I Am Become Death; Destoyer of Worlds
Posts: 42
Threads: 11
Joined: Oct 2023
(Dec 22, 2023, 06:54 PM)MI6ixy Wrote: (Dec 22, 2023, 06:48 PM)Farfalla Wrote: (Dec 22, 2023, 06:39 PM)MI6ixy Wrote: don't no why someone have to pay 8 credit when it's all for free
wait this is behind a paywall?
Thanks for fixing it fart man
welcome my negro
Posts: 552
Threads: 3
Joined: Jul 2023
(Dec 22, 2023, 07:00 PM)Farfalla Wrote: (Dec 22, 2023, 06:54 PM)MI6ixy Wrote: (Dec 22, 2023, 06:48 PM)Farfalla Wrote: (Dec 22, 2023, 06:39 PM)MI6ixy Wrote: don't no why someone have to pay 8 credit when it's all for free
wait this is behind a paywall?
Thanks for fixing it fart man
welcome my negro
Ok and add me on jabber so we can nig nig around my nigga This forum account is currently banned. Ban Length: Permanent (N/A Remaining)
Ban Reason: Sale of public leaks + attempted scam and manipulation. Shame. | https://breachforums.rs/Forum-Ban-Appeals if you feel this is incorrect.
Posts: 42
Threads: 2
Joined: Dec 2023
Dec 28, 2023, 07:15 AM
(This post was last modified: Dec 28, 2023, 07:16 AM by bonfire365.)
hey what about exploit for firewall bypass and get admin access?
have you ever looked for an exploit to bypass firewalls like Fortinet?
Posts: 146
Threads: 12
Joined: Aug 2023
(Dec 22, 2023, 06:36 PM)Farfalla Wrote: A stored cross-site scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) With Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS.
https://github.com/ahrixia/CVE-2023-50072
Quick shodan search and test on the vuln version i found seems legit - exploit says you got to be authenticated actor though which it didnt seem to be an issue with my test
nice work my friend 
|
