POC详情: d95408c752a637c67df424676d6e03e78525ba0a

来源
https://github.com/sahiloj/CVE-2023-34838
关联漏洞
标题: MicroWorld Technologies eScan Management Console 跨站脚本漏洞 (CVE-2023-34838)
描述:MicroWorld Technologies eScan Management Console是美国MicroWorld Technologies公司的一个电子扫描管理控制台。 Microworld Technologies eScan Management console v.14.0.1400.2281版本存在跨站脚本漏洞,该漏洞源于允许远程攻击者通过精心设计的脚本对 Description 参数执行任意代码。
介绍
## eScan Management Console 14.0.1400.2281 - Stored Cross Site Scripting ###

**Description:**
Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Description parameter.

**Vulnerable Product Version:**
14.0.1400.2281

**Date:**
23/06/2023

**CVE:** 
CVE-2023-34838

**CVE Author:**
Sahil Ojha

**Vendor Homepage:**
https://www.escanav.com

**Software Link:** 
https://cl.escanav.com/ewconsole.dll

**Tested on:** 
Windows

**Steps to reproduce:**
1. Login into the eScan Management Console with a valid user credential. Here, escan management console is on internal network.
2. Navigate to url http://192.168.1.1:10443/ewconsole/ewconsole.dll/NewRole and inject the XSS paylaod in description parameter.
   
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34838/blob/main/1.png)
   ---
3. Select any group and save the new role detail. A XSS alert will pop up which can be also modified to extract admin session cookie.
   
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34838/blob/main/2.png)
   ---
文件快照

 [4.0K]  /data/pocs/d95408c752a637c67df424676d6e03e78525ba0a
├── [ 90K]  1.png
├── [ 29K]  2.png
└── [1.1K]  README.md

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。