Flexmonster Pivot Table & Charts 2.7.17 – ‘To remote CSV’ Reflected XSS

  • 作者: Marco Nappi
    日期: 2020-12-21
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/49304/
  • # Exploit Title: Flexmonster Pivot Table & Charts 2.7.17 - 'To remote CSV' Reflected XSS
    # Date: 08/01/2020
    # Exploit Author: Marco Nappi
    # Vendor Homepage: https://www.flexmonster.com/
    # Version:Flexmonster Pivot Table & Charts 2.7.17
    # Tested on:Flexmonster Pivot Table & Charts 2.7.17
    # CVE : CVE-2020-20142
    
    Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.
    
    Reflected XSS:
    The Reflected XSS is a result of insufficient input sanitization of the 'path' parameter when fetching the file specifications (file_specs.php). Below I have provided an example URL. When using this URL the user navigates to an non-existing file (the XSS payload). This results in the execution of the payload.
    
    payload:
    <svg onload=alert("OpenRemoteCSV")><!--