CVE-2023-34836 PoC — MicroWorld Technologies eScan Management Console 跨站脚本漏洞

Source

https://github.com/sahiloj/CVE-2023-34836

Associated Vulnerability

Title:MicroWorld Technologies eScan Management Console 跨站脚本漏洞 (CVE-2023-34836)
Description:A Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via a crafted script to the Dtltyp and ListName parameters.

Readme

## eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting ###

**Description:**
Cross Site Scripting vulnerability in Microworld Technologies eScan Management console v.14.0.1400.2281 allows a remote attacker to execute arbitrary code via vulnerable parameters like Dtltyp and ListName.

**Vulnerable Product Version:**
14.0.1400.2281

**Date:**
23/06/2023

**CVE:** 
CVE-2023-34836

**CVE Author:**
Sahil Ojha

**Vendor Homepage:**
https://www.escanav.com

**Software Link:** 
https://cl.escanav.com/ewconsole.dll

**Tested on:** 
Windows

**Steps to reproduce:**
1. Login into the eScan Management Console with a valid user credential. Here, escan management console is on internal network.
2. Navigate to "User Activity >> File Activity Report" feature.
   
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34836/blob/main/1.png)
   ---
3. Capture the GET request in burpsuite and inject the XSS paylaod into "Dtltyp" and "ListName" parameter as shown in fugure below.
   
   ![HTML Render](https://github.com/sahiloj/CVE-2023-34836/blob/main/3.png)
   ---
4. After forwarding the request, an XSS alert will pop up which could be modified to extract user session cookie as well.
 ![HTML Render](https://github.com/sahiloj/CVE-2023-34836/blob/main/4.png)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →