Published on April 6th, 2024 📆 | 4791 Views ⚑

DerbyNet 9.0 photo.php Cross Site Scripting – Torchsec

CVE ID: CVE-2024-30921

Description:
A Cross-Site Scripting (XSS) vulnerability has been identified in DerbyNet version 9.0, specifically affecting the photo.php component. This vulnerability allows remote attackers to execute arbitrary code via crafted URLs, without requiring authentication.

Vulnerability Type: Cross-Site Scripting (XSS)

Vendor of Product: DerbyNet - Available on GitHub: https://github.com/jeffpiazza/derbynet

Affected Product Code Base: DerbyNet - v9.0

Affected Component: photo.php

Attack Type: Remote

Impact: Code execution

Attack Vectors: The vulnerability can be exploited by navigating to a specially crafted URL such as:
- http://127.0.0.1:8000/photo.php/

This method allows the attacker to inject arbitrary JavaScript that will be executed in the context of the victim's browser.

Discoverer: Valentin Lobstein

References:
- Official website: http://derbynet.com
- Source code on GitHub: https://github.com/jeffpiazza/derbynet

Source link

Tagged with: cross • derbynet • photo • photo.php • scripting • Site • torchsec

Comments are closed.

DerbyNet 9.0 photo.php Cross Site Scripting – Torchsec

🌟 Your Account

🔔 Email Subscriptions

Get new posts by email

Donate Via Wallets

Popular

Gloss

☕️Social Media

👥Members

🌍 Forum Groups