Arachni Web Application Scanner Web UI – Persistent Cross-Site Scripting

• Exploit Database
• 15 阅读

• 作者： Prakhar Prasad
  日期： 2014-09-01
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/34513/

• Title: Arachni Web Application Scanner Web UI Stored XSS Vulnerability
  CVE: 2014-5469
  Vendor Homepage: http://www.arachni-scanner.com/
  Author: Prakhar Prasad
  Author Homepage: https://prakharprasad.com
  Reference: https://github.com/Arachni/arachni-ui-web/issues/71
  Affected Version: Arachni v0.4.7/WebUI v0.4.4 (possibly in lower versions
  too)
  Date: August 17th 2014
  Tested on: Arachni v0.4.7/WebUI v0.4.4 - Ubuntu 14.04
  
  
   Details
  =======
  
  This is an authenticated Stored XSS, hence the user needs to be logged in
  to exploit this issue.
  
  A malicious user (admin/regular) can initiate a website scan in the Arachni
  Web UI. After initiating the scan, there is an option of users to comment
  onto it (with Markdown formatting). However using Markdown the malicious
  user can craft a link that will execute arbitrary Javascript once clicked.
  
  The proof of concept XSS comment: [XSS](javascript:alert('XSS'))
  
  The above comment will roughly translate into: <a
  href="javascript:alert('XSS');">XSS</a>. Hence creating an anchor with
  user-supplied Javascript content.