Published on May 4th, 2023 📆 | 7965 Views ⚑
0Companymaps 8.0 Cross Site Scripting – Torchsec
- Google Dork:
- Date: 27.04.2023
- Exploit Author: Lucas Noki (0xPrototype)
- Vendor Homepage: https://github.com/vogtmh
- Software Link: https://github.com/vogtmh/cmaps
- Version: 8.0
- Tested on: Mac, Windows, Linux
- CVE : CVE-2023-29808
*Description:*
The vulnerability found is Reflected Cross Site Scripting. When the `/index.php?map=overview&findme=` endpoint is hit with a request where the "findme" parameter contains a malicious payload we have the possibility to perform an XSS attack. This happens because the input isn't sanitized.
*Steps to reproduce:*
1. Clone the repository and install the application
2. Send a maliciously crafted payload via the "findme" parameter to the following endpoint: /index.php?map=overview&findme=
3. The payload used is: ";alert(document.cookie)//
4. Simply visiting the complete URL: http://IP/index.php?map=overview&findme=";alert(document.cookie)// is enough. Now an alertbox should pop up with your current cookie value.
Special thanks goes out to iCaotix who greatly helped me in getting the environment setup as well as debugging my payload.
Gloss