POC details: 42b75c2cc8bc637455116198a31327da3e73c8d0

Source
Related vulnerability
Title: Calibre-Web security vulnerability (CVE-2024-39123)
Description: Calibre-Web is a web application for browsing, reading and downloading e-books stored in a Calibre database. Calibre-Web versions 0.6.0 through 0.6.21 contain a security vulnerability caused by improper sanitization, which makes the application vulnerable to cross-site scripting.
Description
Exploit For: CVE-2024-39123: Stored XSS in Calibre-web 0.6.21
Introduction
# CVE-2024-39123: Stored XSS in Calibre-web 0.6.21

## Exploit Details

- **Exploit Title**: Stored XSS in Calibre-web
- **Date**: 2024-05-07
- **Exploit Authors**: Catalin Iovita & Alexandru Postolache (Pentest-Tools.com)
- **Vendor Homepage**: [Calibre-web GitHub Repository](https://github.com/janeczku/calibre-web/)
- **Version**: 0.6.21 - Romesa
- **Tested on**: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4
- **CVE**: CVE-2024-39123

## Vulnerability Description

Calibre-web 0.6.21 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability in the `Comments` (description) field of a book. The field accepts HTML and is sanitized before storage, but a control character embedded in the URL scheme (`javas%1Bcript:`, where `%1B` is the ESC byte) is not recognised as `javascript:` by the sanitizer's scheme check, so the link is stored unchanged. The browser, in turn, tolerates the control character and treats the link as a `javascript:` URL, so the script runs in the session of any user who later views the book's details and clicks the link.

## Steps to Reproduce

1. **Log In**: Authenticate to the Calibre-web application with a valid user account.
2. **Upload a New Book**: Navigate to the upload section and upload a new book.
3. **Access Books List**: Visit the `/table?data=list&sort_param=stored` endpoint to view the Books List.
4. **Inject Payload**: In the `Comments` field of the uploaded book, insert the following payload:

    ```html
    <a href=javas%1Bcript:alert()>Hello there!</a>
    ```

    `%1B` is the URL-encoding of the ESC control byte (0x1B). The stored value must contain that raw byte, not the six literal characters `%1B`, so submit the edit request with a tool that controls the body encoding (curl or an intercepting proxy); `%1B` typed into the text area is form-encoded by the browser as `%251B` and will not work.

5. **Save Changes**: Submit the form to save the changes.
6. **Trigger the Payload**: Go to the Book Details page of the uploaded book and click the injected link in the description. An alert box appears, confirming that the stored script ran in the viewing user's session.

## Impact

This vulnerability allows an authenticated user who can edit a book's comments to execute arbitrary JavaScript in the browsers of other users. Because the payload is a link, execution requires the victim to click it, but it then runs with the victim's session and privileges (including an administrator's). This can lead to:

- **Session Hijacking**: Stealing user sessions.
- **Data Manipulation**: Altering or deleting data.
- **Phishing Attacks**: Redirecting users to malicious sites.
- **Information Disclosure**: Exposing sensitive information.

## Mitigation

- **Update**: Upgrade to a Calibre-web release later than 0.6.21; the affected range is 0.6.0 through 0.6.21.
- **Input Sanitization**: Treat the comments field as untrusted HTML. When checking link attributes, remove ASCII control characters (0x00-0x1F, 0x7F) before inspecting the scheme, compare the scheme against an allow-list (http, https, mailto) rather than a deny-list of `javascript:` spellings, and keep output encoding for any value rendered outside the sanitized HTML.
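As an added example (not the advisory authors' code and not Calibre-web's own sanitizer), the following Python models both the reproduction steps above and the mitigation: a deny-list scheme check that only recognises an unbroken `javascript:` prefix, beside a hardened check that removes ASCII control characters before comparing the scheme against an allow-list. It goes slightly beyond the page's payload by also covering a tab inside the scheme, which evades the same kind of check. The book ids, sample comments and function names are illustrative assumptions; only the standard library is used.

```python
import re
from html.parser import HTMLParser

# Advisory payload with %1B decoded to the raw ESC control byte (0x1B).
POC_COMMENT = "<a href=javas\x1bcript:alert()>Hello there!</a>"

# --- Vulnerable pattern -----------------------------------------------------
# A scheme deny-list applied to the attribute value as stored. This models the
# kind of check a sanitizer performs; it is not Calibre-Web's own code.
_NAIVE_SCHEME_RE = re.compile(r"^\s*(?:javascript|vbscript|data):", re.I)


def naive_is_dangerous(href: str) -> bool:
    """Deny-list check that only sees an unbroken 'javascript:' prefix."""
    return bool(_NAIVE_SCHEME_RE.match(href))


# --- Hardened pattern -------------------------------------------------------
# Browsers tolerate ASCII control characters inside a URL scheme, so the value
# is normalised (C0 controls and DEL removed, surrounding whitespace stripped)
# before the scheme is compared against an allow-list.
_CTRL_RE = re.compile(r"[\x00-\x1f\x7f]")
_SCHEME_RE = re.compile(r"^([a-z][a-z0-9+.-]*):", re.I)
SAFE_SCHEMES = frozenset({"http", "https", "mailto"})


def normalize_href(href: str) -> str:
    """Remove the control characters a browser would ignore when parsing the URL."""
    return _CTRL_RE.sub("", href).strip()


def hardened_is_dangerous(href: str) -> bool:
    """Allow-list check on the normalised scheme; relative URLs are accepted."""
    m = _SCHEME_RE.match(normalize_href(href))
    if m is None:
        return False
    return m.group(1).lower() not in SAFE_SCHEMES


# --- Extracting links from a stored comment ---------------------------------
class _HrefCollector(HTMLParser):
    def __init__(self) -> None:
        super().__init__()
        self.hrefs: list[str] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower() == "href" and value is not None:
                self.hrefs.append(value)


def extract_hrefs(fragment: str) -> list[str]:
    """Return every href attribute value in an HTML fragment, in document order."""
    collector = _HrefCollector()
    collector.feed(fragment)
    collector.close()
    return collector.hrefs


# Constructed sample of stored comments keyed by a hypothetical book id; these
# are not real Calibre-Web records.
SAMPLE_COMMENTS = {
    1: '<p>Plain description with a <a href="https://example.com/">link</a>.</p>',
    2: POC_COMMENT,  # ESC inside the scheme, as in the advisory
    3: "<a href='java\tscript:alert(1)'>tab variant</a>",
    4: '<a href="javascript:alert(1)">unobfuscated</a>',
}


def scan_comments(comments):
    """Map book id -> hrefs the hardened check rejects."""
    findings = {}
    for book_id, html in comments.items():
        bad = [h for h in extract_hrefs(html) if hardened_is_dangerous(h)]
        if bad:
            findings[book_id] = bad
    return findings


def missed_by_naive(comments):
    """Map book id -> hrefs the naive check lets through but the hardened one rejects."""
    return {
        book_id: [h for h in hrefs if not naive_is_dangerous(h)]
        for book_id, hrefs in scan_comments(comments).items()
        if any(not naive_is_dangerous(h) for h in hrefs)
    }


if __name__ == "__main__":
    for book_id, hrefs in missed_by_naive(SAMPLE_COMMENTS).items():
        print(f"book {book_id}: sanitizer bypass via {hrefs!r}")
```

`scan_comments` doubles as a quick audit of an existing library: dump the stored comment HTML for each book and run it through the hardened check to find links that an older deny-list sanitizer would have let through. The allow-list is deliberately short; add schemes only as the application actually needs them.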

## References

- [Calibre-web GitHub Repository](https://github.com/janeczku/calibre-web/)

---

File snapshot

[4.0K] /data/pocs/42b75c2cc8bc637455116198a31327da3e73c8d0
└── [2.2K] README.md

0 directories, 1 file