Tagstoo_2.0.1_XSS&RCE漏洞

# Tagstoo 2.0.1 XSS&RCE漏洞
==EXP==

# Exploit Title: Tagstoo 2.0.1 - Stored XSS to RCE
# Exploit Author: TaurusOmar
# Date: 04/05/2021
# CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
# Risk: High (8.8)
# Vendor Homepage: https://tagstoo.sourceforge.io/
# Version: v2.0.1
# Tested on: Windows, Linux, MacOs

# Software Description:
Software to tag folders and files, with multimedia and epubs preview.
You can export data with the tagging information to a file, as backup or to import it in any computer.

# Vulnerability Description:

The software allows you to store payloads in the form of files or custom tags, once the malicious code is entered, the payload will be executed immediately.

The attacker can send a malicious file with the payload, when this file is opened, the chain will be executed successfully giving access to the
the remote attacker to get remote execution on the computer or directly open the folder in the program.

# Proof video
https://imgur.com/a/smeAjaW


# Payload 1: exec(calc)

#Decode Payload


#Encode Payload



# Payload 2: exec(netcat remote stolen file => /etc/passwd)

#Decode Payload