Mail2World V12 Business Control Center has a reflected cross-site scripting (XSS) vulnerability.
Summary
Mail2World V12 Business Control Center has a reflected cross-site scripting (XSS) vulnerability.
Details
A reflected XSS vulnerability exists in the resellercenter/login.asp path of Mail2World v12 Business Control Center. The cause is that the value of the Usr parameter is rendered in the front-end page without any filtering.
Proof of Concept (POC)
https://ip:port/resellercenter/login.asp?Usr=%22%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E
Impact
After visiting a malicious URL, the visitor's browser executes the malicious script inserted by the attacker.
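
The root cause and its fix, as an added example that is not Mail2World code: the Usr value from the PoC above is rendered once unfiltered and once HTML-encoded on output, and a parser reports which elements each result creates. The form template is a constructed stand-in, assuming the value lands inside a double-quoted attribute as the "> prefix of the PoC suggests.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Query string from the advisory's PoC URL.
POC_QUERY = "Usr=%22%3E%3CScRiPt%3Ealert(document.cookie)%3C/ScRiPt%3E"

# Constructed stand-in for the login form (assumption: the real login.asp
# markup is not shown in the advisory).
TEMPLATE = '<input type="text" name="Usr" value="{usr}">'


def poc_value():
    """Decode the Usr value the way the server receives it."""
    return parse_qs(POC_QUERY)["Usr"][0]


def render_unfiltered(usr):
    """Behaviour described in the advisory: value echoed as-is."""
    return TEMPLATE.format(usr=usr)


def render_encoded(usr):
    """Hardened form: HTML-encode on output, quotes included.
    In classic ASP the equivalent call is Server.HTMLEncode."""
    return TEMPLATE.format(usr=html.escape(usr, quote=True))


class TagCollector(HTMLParser):
    """Records the start tags and value attributes a parser sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.values = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values += [v for k, v in attrs if k == "value"]


def inspect(markup):
    parser = TagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags, parser.values


if __name__ == "__main__":
    usr = poc_value()
    print(inspect(render_unfiltered(usr)))  # script element is created
    print(inspect(render_encoded(usr)))     # value stays inside the attribute
```

With encoding applied, the parser sees a single input element whose value attribute decodes back to the original string, so the input is treated as data rather than markup.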