LISTSERV 17 – Reflected Cross Site Scripting (XSS)

  • Author: Shaunt Der-Grigorian
    Date: 2023-03-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51148/
  • # Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting (XSS)
    # Google Dork: inurl:/scripts/wa.exe
    # Date: 12/01/2022
    # Exploit Author: Shaunt Der-Grigorian
    # Vendor Homepage: https://www.lsoft.com/
    # Software Link: https://www.lsoft.com/download/listserv.asp
    # Version: 17
    # Tested on: Windows Server 2019
    # CVE : CVE-2022-39195
    
    A reflected cross-site scripting (XSS) vulnerability in the LISTSERV 17 web interface allows remote attackers to inject arbitrary JavaScript or HTML via the "c" parameter.
    
    To reproduce, please visit
    http://localhost/scripts/wa.exe?TICKET=test&c=%3Cscript%3Ealert(1)%3C/script%3E
    (or whichever URL you can use for testing instead of localhost).
    
    The "c" parameter will reflect any value given onto the page.
    
    # Solution
    This vulnerability can be mitigated by going under "Server Administration" to "Web Templates" and editing the BODY-LCMD-MESSAGE web template. Change &+CMD; to &+HTMLENCODE(&+CMD;); .
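
A log check for the request pattern described above, as an added example that is not part of the original advisory: it scans web access log lines for /scripts/wa.exe requests whose "c" parameter contains HTML markup characters after URL decoding. The common-log-format layout, the sample lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that should never reach an HTML page unencoded.
MARKUP = re.compile(r"[<>\"']")
# Request line of a common-log-format entry (assumed log layout).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_c_values(log_lines, path_suffix="/scripts/wa.exe"):
    """Return (line_number, decoded_value) for wa.exe requests whose "c"
    parameter holds HTML markup characters after URL decoding."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.lower().endswith(path_suffix):
            continue
        # parse_qs performs the first URL decode; blank values are kept.
        query = parse_qs(target.query, keep_blank_values=True)
        for name, values in query.items():
            # Name compared case-insensitively as a precaution (assumption).
            if name.lower() != "c":
                continue
            for value in values:
                # Second decode so double-encoded input is also flagged.
                decoded = unquote(value)
                if MARKUP.search(decoded):
                    hits.append((number, decoded))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2022:10:00:00 +0000] "GET /scripts/wa.exe?TICKET=test&c=hello HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Dec/2022:10:00:05 +0000] "GET /scripts/wa.exe?TICKET=test&c=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Dec/2022:10:00:09 +0000] "GET /scripts/wa.exe?TICKET=test&c=%253Cb%253E HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Dec/2022:10:00:12 +0000] "GET /index.html?c=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, value in suspicious_c_values(SAMPLE_LOG):
        print(f"line {number}: c={value!r}")
```

Hits logged after the template change are still worth reviewing, since they show who is probing the parameter even when the value is now rendered encoded.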