Thinfinity VirtualUI 2.5.41.0 – IFRAME Injection

• Exploit Database
• 18 阅读

• 作者： Daniel Morales
  日期： 2022-02-21
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50770/

• Exploit Title: Thinfinity VirtualUI 2.5.41.0- IFRAME Injection
  Date: 16/12/2021
  Exploit Author: Daniel Morales
  Vendor: https://www.cybelesoft.com <https://www.cybelesoft.com/>
  Software Link: https://www.cybelesoft.com/thinfinity/virtualui/ <https://www.cybelesoft.com/thinfinity/virtualui/>
  Version: Thinfinity VirtualUI < v3.0
  Tested on: Microsoft Windows
  CVE: CVE-2021-45092
  
  How it works
  By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allows being iframed).
  
  Payload
  The vulnerable vector is "https://example.com/lab.html?vpath=//wikipedia.com <https://example.com/lab.html?vpath=//wikipedia.com> " where "vpath=//" is the pointer to the external site to be iframed.
  
  Vulnerable versions
  It has been tested in VirtualUI version 2.1.37.2, 2.1.42.2, 2.5.0.0, 2.5.36.1, 2.5.36.2 and 2.5.41.0.
  
  References
  https://github.com/cybelesoft/virtualui/issues/2 <https://github.com/cybelesoft/virtualui/issues/2>
  https://www.tenable.com/cve/CVE-2021-45092 <https://www.tenable.com/cve/CVE-2021-45092>
  https://twitter.com/danielmofer <https://twitter.com/danielmofer>