XODA XSS and File Upload Vulnerability

A vulnerability found in XODA at “xodadir/?upload_to=” allows file upload, and an XSS vulnerability was found as well. With the upload vulnerability it is possible to upload a shell to the server. With the XSS vulnerability, scripts can be executed and certain private information can be posted.

_________________________________________

1. Arbitrary File Upload:

It is possible to access the file upload page “?upload_to=” without the need to authenticate (log in) to the XODA system.

An attacker is able to upload a web shell to the server and gain unauthorized access to the operating system.

Vulnerable URL: server/xodadir/?upload_to=

Default location of uploaded files: server/xodadir/files/
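To check whether a server has already been hit, the web access log can be searched for hits on the upload handler followed by script requests under the upload directory. The sketch below is an added example, not part of the original advisory or of XODA. It assumes the combined access log format and an assumed list of script extensions; the function names and finding labels are hypothetical, and because access logs do not show login state, every accepted upload request is surfaced for review.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: extensions the web server would pass to an interpreter.
SCRIPT_EXT = (".php", ".phtml", ".php5", ".phar", ".cgi", ".pl")

def parse(line):
    """Return (client, method, path, query dict, status) or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, method, target, status = m.groups()
    url = urlsplit(target)
    return ip, method, url.path, parse_qs(url.query, keep_blank_values=True), int(status)

def find_upload_abuse(lines, base="/xodadir/"):
    """Return (client, kind, path) findings in log order."""
    findings, uploaders = [], set()
    for line in lines:
        rec = parse(line)
        if rec is None or not rec[2].startswith(base):
            continue
        ip, method, path, query, status = rec
        # A POST carrying upload_to that the server did not reject.
        if method == "POST" and "upload_to" in query and status < 400:
            uploaders.add(ip)
            findings.append((ip, "upload", path))
        # A script-like file served out of the default upload directory.
        elif (path.startswith(base + "files/") and status == 200
              and path.lower().endswith(SCRIPT_EXT)):
            kind = "script-run-after-upload" if ip in uploaders else "script-in-files"
            findings.append((ip, kind, path))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "POST /xodadir/?upload_to= HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /xodadir/files/report.php HTTP/1.1" 200 87 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Oct/2023:14:01:02 +0000] "GET /xodadir/files/manual.pdf HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /xodadir/files/old.PHP HTTP/1.1" 200 44 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Oct/2023:14:05:00 +0000] "POST /xodadir/?upload_to= HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE):
        print(finding)
```

Any "script-in-files" or "script-run-after-upload" finding means an executable file is reachable under the upload directory and should be inspected on disk.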

2. Stored XSS in file description.

Steps to reproduce the XSS:

2.1 Select a document.

2.2 Click on description.

2.3 Enter XSS Payload:

2.4 Reload the page. The XSS should be triggered.

3. Stored XSS in filters.

Steps to reproduce the XSS:

3.1 Select the document.

3.2 Click on filters.

3.3 In the “Filters (one per line):” field insert XSS payload:

3.4 Click “Set filters”.

3.5 Click on the document icon to open its properties.

3.6 The XSS should be triggered.
