EXPLOITS

Serenity Client Management Portal 1.0.1 - Multiple Vulnerabilities

Author: Halil Dalabasmaz
type: webapps
platform: php
port: 
date_added: 2014-11-12  
date_updated: 2014-11-12  
verified: 0  
codes: OSVDB-114661;OSVDB-114660  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 35197.txt  

# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.1
# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098
# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/

# Vulnerabilities Description:

===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload any file or shell file from "Profile Image" section.

Solution
Filter the files aganist to attacks.

===

===Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.

Sample Payload for XSS: "><script>alert(document.cookie);</script>

Solution
Filter the files aganist to attacks.