Polaris Web 1.21.1 - Reflected XSS

CVE: Not specified
Category: CWE-79
Price: $500
Severity: Medium
Author: Not specified
Risk: High
Exploitation Type: Remote
Date: 2023-07-27
CVSS: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023070070

Below is a copy:

# Exploit Title: Polaris Web 1.21.1 - Reflected XSS
# Exploit Author: mahdi eidi
# Date: 2023-07-09
# Vendor: Siap+Micros S.p.A.
# Technology: PHP
# Vendor Homepage: https://www.siapmicros.com/en/application/
# Tested on: kali linux
# Impact: Manipulate the site's JavaScript content
## Description
An attacker can inject malicious JavaScript into the vulnerable parameters and use it to perform actions such as stealing the victim's session token or other users' login credentials.
# Technical Details & POC
1- Log in to the web site.
2- Find a parameter that reflects input (destination, format, daily_day, sort, ...).
3- Payload: '"><img/src/onerror=alert(1)>
4- Sample path: https://exampel.com/polaris/custom-synoptic?format= RXSS Payload Inject
5- Send the GET request.
6- Boom! The alert payload fires.
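A defender-side check for this class of probe, as an added example that is not part of the advisory: it scans constructed Apache-style access-log lines (sample data, not real traffic) for markup arriving in the reflected parameters the advisory names. The /polaris/ path prefix, the log format and the marker regex are assumptions, not anything from Polaris Web itself.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters the advisory reports as reflected into the page unencoded.
REFLECTED_PARAMS = {"destination", "format", "daily_day", "sort"}

# Coarse heuristic for markup in a parameter value: an opening tag, an
# inline event handler (the advisory's probe uses onerror=), or a javascript: URL.
XSS_MARKERS = re.compile(r"(<\s*[a-z!/]|on[a-z]+\s*=|javascript:)", re.IGNORECASE)

# Common log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines: one benign request, the advisory's probe URL-encoded,
# a double-encoded variant, and an unrelated page.
SAMPLE_LOG = [
    '203.0.113.5 - - [27/Jul/2023:10:00:01 +0000] "GET /polaris/custom-synoptic?format=pdf&sort=asc HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Jul/2023:10:00:07 +0000] "GET /polaris/custom-synoptic?format=%27%22%3E%3Cimg%2Fsrc%2Fonerror%3Dalert%281%29%3E HTTP/1.1" 200 5210',
    '203.0.113.9 - - [27/Jul/2023:10:00:09 +0000] "GET /polaris/custom-synoptic?daily_day=%253Cimg%2520src%3Dx%2520onerror%3Dalert%281%29%253E HTTP/1.1" 200 5200',
    '198.51.100.2 - - [27/Jul/2023:10:01:00 +0000] "GET /polaris/login HTTP/1.1" 200 800',
]


def find_xss_probes(lines):
    """Return (ip, param, decoded_value) for every request that carries markup
    in one of the reflected parameters under the assumed /polaris/ prefix."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        url = urlsplit(m.group("target"))
        if not url.path.startswith("/polaris/"):
            continue
        # parse_qs percent-decodes once; unquote again so a double-encoded
        # probe is inspected in its final form.
        for name, values in parse_qs(url.query, keep_blank_values=True).items():
            if name not in REFLECTED_PARAMS:
                continue
            for value in values:
                decoded = unquote(value)
                if XSS_MARKERS.search(decoded):
                    hits.append((m.group("ip"), name, decoded))
    return hits


if __name__ == "__main__":
    for ip, param, value in find_xss_probes(SAMPLE_LOG):
        print(f"{ip} probed {param!r} with {value!r}")
```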
