POC详情: a45f552fdf52cd798fe8233e08580f864337ed2a

来源
https://github.com/GCatt-AS/CVE-2024-48197
关联漏洞
标题: AudioCodes MP-202B 安全漏洞 (CVE-2024-48197)
描述:AudioCodes MP-202B是以色列AudioCodes公司的一个模拟 VoIP 适配器。用于连接 POTS 电话或传真机。 AudioCodes MP-202B v.4.4.3版本存在安全漏洞,该漏洞源于存在跨站脚本漏洞,允许远程攻击者通过Web界面的登录页面提升权限。
描述
Reflected XSS in AudioCodes MP-202b
介绍
# CVE-2024-48197
Reflected XSS in AudioCodes MP-202b
# [Description]
 Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of 
 the web interface.

# [Additional Information]
 N/A

# [Vulnerability Type]
 Cross Site Scripting (XSS) Reflected

# [Vendor of Product]
> Audiocodes

# [Affected Product Code Base]
> MP-202b - 4.4.3 

# [Affected Component]
> Login page of the web interface for the device

# [Attack Type]
> Remote

# [Impact Escalation of Privileges]
> true

# [Attack Vectors]
> A user must be coerced into logging into the application with a specially crafted URL supplied. The specially crafted URL can then be used to capture login details.

# [Discovered By]
Gareth C - AnchorSec
文件快照

 [4.0K]  /data/pocs/a45f552fdf52cd798fe8233e08580f864337ed2a
└── [ 778]  README.md

0 directories, 1 file
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。