Openaudit professional 2.1.1 crosssite scripting Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2018-05-11 |
Type : webapps |
Platform : windows
This exploit / vulnerability Openaudit professional 2.1.1 crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
# 1. Vendor Description:
# Network Discovery and Inventory Software | Open-AudIT | Opmantek
# Discover what's on your network. Open-AudIT is the world's leading network discovery, inventory and audit program. Used by over 10,000 customers.
# 2. Technical Description:
# Cross-site scripting (XSS) vulnerability found in Multiple instances of
Open-AudIT Professional - 2.1.1 that allows remote attackers to inject
arbitrary web script or HTML, as demonstrated in below POC.
# 3. Proof of Concept:
# a) Login as user who is having Attributes Creation role
# b) Navigate to Manage -> Attributes -> Create Attributes
# c) Now fill the form with XSS payload in ‘Name’ field and submit payload: <script>alert('XSS')</script>
# d) Once the data is saved, the script get executed.