PoC details: f22146cff8fa2179f688fe694f7edd5b41765295

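Related vulnerability
Title: ArticaTech Artica Proxy cross-site scripting vulnerability (CVE-2020-15051)
Description: ArticaTech Artica Proxy is an open-source Artica proxy solution from the French company ArticaTech. A cross-site scripting vulnerability exists in ArticaTech Artica Proxy versions before 4.30.000000. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker can exploit it to execute client-side code.
Description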
CVE-2020-15051 : Artica Proxy before 4.30.000000 Community Edition allows Stored Cross Site Scripting.
Introduction
# CVE-2020-15051 : Artica Proxy before 4.28.030418 Community Edition allows Stored Cross Site Scripting.

**Product Description:**
Artica Tech offers a powerful but simple-to-use solution, usually the preserve of Large and Multinational companies. With a starting price of just 99€ and more than 62 000 active servers, Artica Proxy has been developed over the past 10 years as an Open Source Project to help SMEs and public bodies protect both their organizations and employees from Internet danger at a low cost.

**Description:** Artica Proxy before 4.28.030418 Community Edition allows Cross Site Scripting via the input fields Server Domain Name, Your Email Address, Group Name, MySQL Server, Database, MySQL Username, Group Name and Task description.

**Vulnerability Type:** Cross Site Scripting (XSS)

**Vulnerability Description:** 
Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

**Severity Rating:** High

**Vendor of Product:** Artica

**Affected Product Code Base:** Artica-Proxy - before v4.28.030418 Community Edition

**Affected Component:** Several input fields are vulnerable to Stored Cross Site Scripting. A few of the affected fields are Server Domain Name, Your Email Address, Group Name, MySQL Server, Database, MySQL Username, Group Name and Task description. We can gain access to the user's session cookie and perform malicious activity.

**Attack Type:** Remote

**Impact Information Disclosure:** True

**Attack Vector:** `<input>` tag. The attack is carried out by entering malicious JavaScript code into the field to gain access to the user's session cookie.

Used payload: *_test"><svg/onload=alert(1)>_*
			   
**Has vendor confirmed or acknowledged the vulnerability:** True

**Reference:** https://sourceforge.net/projects/artica-squid/files/

**Exploit Author:** Pratiksha Dhone

**Contact:** linkedin.com/in/pratiksha-dhone-56261b100
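
The attribute breakout described under **Attack Vector**, seen from the defender's side as an added example (not code from this advisory or from Artica): a hypothetical template writes a stored field value into an `<input>` tag with and without attribute encoding, and the result is parsed to see which tags actually come out. The template, the `group_name` field name and all function names are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Payload quoted in the advisory's "Attack Vector" entry.
PAYLOAD = 'test"><svg/onload=alert(1)>'

# Hypothetical template; "group_name" is an assumed field name.
TEMPLATE = '<input type="text" name="group_name" value="{}">'


def render_unsafe(stored: str) -> str:
    """Vulnerable pattern: the stored value is pasted into the attribute as-is."""
    return TEMPLATE.format(stored)


def render_safe(stored: str) -> str:
    """Hardened pattern: & < > " ' are encoded for the attribute context."""
    return TEMPLATE.format(escape(stored, quote=True))


class TagAudit(HTMLParser):
    """Records every start tag with its attributes, as the markup parses."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def audit(markup: str):
    parser = TagAudit()
    parser.feed(markup)
    parser.close()
    return parser.tags


def injected_markup(markup: str):
    """List tags the template never emits and any on* event-handler attributes."""
    findings = []
    for tag, attrs in audit(markup):
        if tag != "input":
            findings.append((tag, None))
        findings.extend((tag, name) for name in attrs if name.startswith("on"))
    return findings
```

With the unsafe template the stored value ends the `value` attribute at `test` and the rest parses as a new `svg` element carrying an `onload` handler; with encoding applied the only tag is the `input`, and its decoded value is the original string.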
File snapshot

[4.0K] /data/pocs/f22146cff8fa2179f688fe694f7edd5b41765295
└── [2.1K] README.md

0 directories, 1 file