AjentiCP 1.2.23.13 - Cross-Site Scripting

Author: Numan OZDEMIR
type: webapps
platform: php
port: 
date_added: 2018-10-25 
date_updated: 2018-10-25 
verified: 0 
codes: CVE-2018-18548 
tags: Cross-Site Scripting (XSS)
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comajenti-1.2.23.tar.gz

# Title: AjentiCP 1.2.23.13 - Cross-Site Scripting
# Author: Numan OZDEMIR (https://infinitumit.com.tr)
# Vendor Homepage: ajenti.org
# Software Link: https://github.com/ajenti/ajenti
# Version: Up to v1.2.23.13
# CVE: CVE-2018-18548

# Description:

# Attacker can inject JavaScript codes without Ajenti privileges by this
# vulnerabillity.
# Normally an attacker cant intervene to Ajenti without Ajenti privileges.
# But with this vulnerability, if attacker can create a folder (may be by
# a web app vulnerability) he can run
# bad-purposed JavaScript codes on Ajenti user's browser, while the user
# using File Manager tool.
# So this vulnerability makes high risk.

# How to Reproduce:
1)- Create a directory as named xss payload. Like, im<img src onerror=alert(1337)>dir
2)- Open this directory in File Manager tool in Ajenti server admin panel.