Tyto Sahi Pro 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1633823 漏洞类型 跨站脚本
发布时间 2019-06-19 更新时间 2019-07-02
CVE编号 CVE-2018-20472 CNNVD-ID CNNVD-201906-641
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019060124
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201906-641
|漏洞详情
Tyto Software Sahi Pro是印度Tyto Software公司的一套自动化测试工具。 Tyto Sahi Pro 8.0.0及之前版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
|漏洞EXP
# Exploit Title: Sahi pro ( <= 8.x ) Stored XSS
# Date: 17-06-2019
# Exploit Author: Goutham Madhwaraj ( https://barriersec.com )
# Vendor Homepage: https://sahipro.com/
# Software Link: https://sahipro.com/downloads-archive/
# Version: 7.x , <= 8.x
# Tested on: Windows 10
# CVE : CVE-2018-20472
# POC-URL : https://barriersec.com/2019/06/cve-2018-20472-sahi-pro/

DESCRIPTION :

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS. Description parameter of Testcase API can be used to exploit the stored XSS.


POC :

step 1 :

 create a sahi test automation script with the following content and save the file with ".sah" extension ( example : poc.sah) :

            var $tc1 = _testcase(“TC-1″,”<script>alert(document.cookie)</script>”).start();

           _log(“testing stored XSS injection”);

            $tc1.end();

Step 2 :

Execute the created script ( poc.sah ) using sahi GUI controller .

Step 3 : navigate to the web logs console ( http://<ip>:<port>/logs ) using the browser for the executed script. XSS is triggered 
|参考资料

来源:barriersec.com

链接:https://barriersec.com/2019/06/cve-2018-20472-sahi-pro/


来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2018-20472