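Related vulnerability
Title:
ProcessMaker security vulnerability
(CVE-2024-41453)
Description: ProcessMaker is a PHP-based web system for business process management (BPM) and workflow management, developed by the US company ProcessMaker. ProcessMaker pm4core-docker version 4.1.21-RC7 has a security vulnerability that stems from a cross-site scripting flaw. An attacker can exploit it to execute arbitrary web script or HTML via a crafted payload injected into the Name parameter.
Description
CVE-2024-41454, CVE-2024-41453
Introduction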
<b> #CVE-2024-41453 </b>
<b> #CVE-2024-41454 </b>
ProcessMaker Vulnerabilities (just for education):
@ryancooley @velkymx @nolanpro @caleeli
- Install a ProcessMaker 4 Core Docker instance from this repository:
https://github.com/ProcessMaker/pm4core-docker
- This is the latest PM Docker version (PM_VERSION=4.1.21); the image below is the .env file.

# Stored XSS
1. Create a JSON file with an XSS payload.

(I uploaded a sample file named sample.json)
2. Send this file to the process admin user and ask them to import the file as a process.



3. When the admin user imports this file and tries to archive the process, the malicious JavaScript code is executed.
(latest Chrome version: Version 126.0.6478.127 (Official Build) (64-bit))

It is obvious that the import function lacks user input sanitization.
# Malicious file upload
1. An admin user can upload an HTML file and bypass the image restriction in the Customize UI custom login logo upload section.

2. This is the uploaded file:

3. It is also possible to upload a PHP file, but it is not executed.


There is a lack of proper input validation in the uploaders.
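
A server-side check of the kind the logo uploader is missing, as an added example that is not part of the original README or ProcessMaker's own code. It decides from the file's leading bytes rather than the client-supplied name; the function name, exception class, size limit and sample inputs are assumptions constructed here.

```python
import os

# Allowed raster formats: leading magic bytes -> canonical extension.
# SVG and HTML are excluded on purpose because both can carry script.
MAGIC = {b"\x89PNG\r\n\x1a\n": "png", b"\xff\xd8\xff": "jpg",
         b"GIF87a": "gif", b"GIF89a": "gif"}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit, not a ProcessMaker setting


class UploadRejected(ValueError):
    """Raised when an upload is not an acceptable logo image."""


def validate_logo_upload(filename: str, data: bytes) -> str:
    """Return the extension to store the file under, or raise UploadRejected."""
    if not data or len(data) > MAX_BYTES:
        raise UploadRejected("empty or oversized upload")
    # Decide from the content, never from the client-supplied name or MIME type.
    detected = next((e for m, e in MAGIC.items() if data.startswith(m)), None)
    if detected is None:
        raise UploadRejected("content is not PNG, JPEG or GIF")
    # The claimed extension must agree with what the bytes say.
    claimed = os.path.splitext(filename)[1].lstrip(".").lower()
    claimed = "jpg" if claimed == "jpeg" else claimed
    if claimed != detected:
        raise UploadRejected(f"extension .{claimed} does not match {detected} content")
    return detected


if __name__ == "__main__":
    # Constructed sample uploads (not taken from the original report).
    html = b"<html><body>hello</body></html>"
    for name, body in [("logo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
                       ("logo.html", html), ("logo.png", html),
                       ("logo.php", b"<?php echo 1; ?>")]:
        try:
            print(name, "->", validate_logo_upload(name, body))
        except UploadRejected as exc:
            print(name, "-> rejected:", exc)
```

A magic-byte check is a minimum: re-encoding the image server-side, storing it under a server-generated name and serving it with `X-Content-Type-Options: nosniff` also covers files that are valid images and still contain markup.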
File snapshot
[4.0K] /data/pocs/ca639dcdfb2857fb4b7317ad76c3823d0376ebd1
├── [2.2K] README.md
└── [2.2K] sample.json
0 directories, 2 files