CVEs-PoC/2021/CVE-2021-33570.md at main

CalvinBackup/CVEs-PoC

Fork 0

mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00

Files

0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09

2025-09-29 21:09:30 +02:00

1.2 KiB

Raw Permalink Blame History

CVE-2021-33570

Description

Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections.

POC

Reference

http://packetstormsecurity.com/files/162831/Postbird-0.8.4-Cross-Site-Scripting-Local-File-Inclusion.html
http://packetstormsecurity.com/files/162872/Postbird-0.8.4-XSS-LFI-Insecure-Data-Storage.html
https://github.com/Paxa/postbird/issues/132
https://github.com/Paxa/postbird/issues/133
https://github.com/Paxa/postbird/issues/134
https://tridentsec.io/blogs/postbird-cve-2021-33570/
https://www.exploit-db.com/exploits/49910

Github

https://github.com/ARPSyndicate/cvemon
https://github.com/Tridentsec-io/postbird
https://github.com/n0-traces/cve_monitor

1.2 KiB Raw Permalink Blame History

CVE-2021-33570

Description

POC

Reference

Github

1.2 KiB

Raw Permalink Blame History