Countly – Cross-Site Scripting

• Exploit Database
• 119 阅读

• 作者： Sleepy
  日期： 2018-08-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/45228/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  ############################################################################ # Exploit Title: Countly-server Stored(Persistent) XSS Vulnerability # Date: Monday - 2018 13 August # Author: 10:10AM Team # Discovered By: Sleepy # Software Link: https://github.com/Countly/countly-server # Version: All Version # Category: Web-apps # Security Risk: Critical # Tested on: GNU/Linux Ubuntu 16.04 - win 10 ############################################################################ #Exploit: #Description: # # Attacker can use multiple parameters in the provided link to inject his own data in the database # of this application,the injected data can then be directly viewed in the event logs panel # (manage>logger). # Attacker may use this vulnerability to inject his own payload for attacks like Stored XSS. # The injected payload will be executed everytime that the target page gets visited/refreshed. # #Proof of Concept: # # Injection URL: # #� http://[server_ip]:[api_port]/i?api_key=[api_key]&parameter_1=[payload_1]&parameter_2=[payload_2]&etc... # # Execution URL(login to server dashboard and navigate to "event logs" panel): # #�http://[server_ip]:[server_port]/dashboard#/[app_key]/manage/logger # # ############################################################################ # WE ARE: Sleepy({ssleeppyy@gmail.com}), Mikili({mikili.land@gmail.com}) ############################################################################