# Exploit Title: Webgrind 1.1 - Reflected Cross-Site Scripting (XSS) & Remote Command Execution (RCE)  
# Discovery by: Rafael Pedrero  
# Discovery Date: 2022-02-13  
# Vendor Homepage:  
# Software Link :  
# Tested Version: 1.1  
# Tested on: Windows 10 using XAMPP  
# Vulnerability Type: Remote Command Execution (RCE)  
CVSS v3: 9.8  
CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H  
CWE: CWE-434  
Vulnerability description: Remote Command Execution (RCE) vulnerability in Webgrind <= 1.1 allow remote unauthenticated attackers to inject OS commands via /<webgrind_path_directory>/index.php in dataFile parameter.  
Proof of concept:  
And the calc.exe opens.  
Note: 0'&calc.exe&', & char is neccesary to execute the command.  
# Vulnerability Type: reflected Cross-Site Scripting (XSS)  
CVSS v3: 6.5  
CVSS vector: 3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N  
CWE: CWE-79  
Vulnerability description: Webgrind v1.1 and before, does not sufficiently  
encode user-controlled inputs, resulting in a reflected Cross-Site  
Scripting (XSS) vulnerability via the /<webgrind_path_directory>/index.php,  
in file parameter.  
Proof of concept:  
webgrind - fileviewer: </title><script>alert(1);</script><title> </title>  
<script type="text/javascript" charset="utf-8">