漏洞平台

POC详情： 0eb04ca85de1d56be55f24112ba863efce7c0a6e

来源

https://github.com/DRAGOWN/CVE-2023-24709-PoC

关联漏洞

标题： Paradox Security Systems IPR512 代码注入漏洞 (CVE-2023-24709)
描述：Paradox Security Systems IPR512是美国Paradox公司的一个提供通过网络来监控管理Paradox设备的通信模块。 Paradox Security Systems IPR512版本存在安全漏洞，该漏洞源于允许攻击者通过login.html和login.xml参数造成拒绝服务。

描述

In Paradox Security System IPR512 web panel, an unauthenticated user can input JavaScript string, such as </script> that will overwrite configurations in the file "login.xml" and cause the login form to crash and make it unavailable.

介绍

# Injection vulnerability in Paradox Security Systems IPR512 - CVE-2023-24709 PoC
In Paradox Security System IPR512 web panel, an unauthenticated user can input JavaScript string, such as <code></script></code> that will overwrite configurations in the file "login.xml" and cause the login form to crash and make it unavailable. 

**!!! WARNING !!! THE SCRIPT ACTUALLY DAMAGES THE SERVICE.**

**_Be aware that by following the exploitation steps manually and/or executing the exploitation script against any target, you acknowledge that you understand the potential risks, including possible damage to the system. The author of this script is not responsible for any type of harm, loss, or damage resulting from its use. Use the script at your own risk and ensure you have adequate backups and safeguards in place before proceeding._**

**Scripting Approach**
1. An example of successful attempt of exploitation

![screenshot](/img/pss_00.png)

2. An example of unsuccessful attempt of exploitation
   
![screenshot](/img/pss_01.png)




 
**Manual Approach**

1. The Paradox Security Systems IPR512 Account Management webpanel is accessible. Typing "admin" as a user.
  
![screenshot](/img/pss_1.png)
  
2. Intercepting request with BurpSuite.
  
![screenshot](/img/pss_2.png)

3. Changing "admin" with JavaScript tag <code></script></code>
  
![screenshot](/img/pss_3.png)

4. URL encoding <code></script></code> to bypass security filter and sending request.

![screenshot](/img/pss_4.png)

5. If accessing the login.xml isn't restricted, you can check that it is overwritten.
  
![screenshot](/img/pss_5.png)

6. The webpanel login form isn't accessible anymore as it is crashed.
  
![screenshot](/img/pss_6.png)

Code injection vulnerability in login.html in Web panel login page on IPR512 of the Paradox Security Systems product that allows a remote or local attacker to cause the web panel login page crash via injecting easy JavaScript code into login form page such as <code></script></code>.

文件快照


 [4.0K]  /data/pocs/0eb04ca85de1d56be55f24112ba863efce7c0a6e
├── [2.8K]  cve-2023-24709.sh
├── [4.0K]  img
│   ├── [ 74K]  pss_00.png
│   ├── [ 75K]  pss_01.png
│   ├── [ 41K]  pss_1.png
│   ├── [ 48K]  pss_2.png
│   ├── [ 49K]  pss_3.png
│   ├── [ 59K]  pss_4.png
│   ├── [ 29K]  pss_5.png
│   └── [ 25K]  pss_6.png
└── [2.0K]  README.md

1 directory, 10 files

神龙机器人已为您缓存

备注

1. 建议优先通过来源进行访问。

2. 如果因为来源失效或无法访问，请发送邮箱到 f.jinxu#gmail.com 索取本地快照（把 # 换成 @）。

3. 神龙已为您对POC代码进行快照，为了长期维护，请考虑为本地POC付费，感谢您的支持。