CVE-2022-28598 PoC: ERPNext Cross-Site Scripting Vulnerability

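Related vulnerability
Title: ERPNext Cross-Site Scripting Vulnerability (CVE-2022-28598)
Description: ERPNext is an open-source enterprise resource planning solution from ERPNext, an Indian company. ERPNext version 12.29.0 contains a security vulnerability that stems from a failure to neutralize user-controllable input.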
Description
Persistent XSS on 'last_known_version' field (My Settings)
Introduction
# ERPNext - 12.29.0

Stored cross-site scripting (XSS) vulnerability in the "last_known_version" field on the "My Settings" page in ERPNext 12.29.0 allows remote attackers to inject arbitrary web script or HTML via a crafted site name. The attacker makes an authenticated POST HTTP request to '/desk#Form/User/(Authenticated User)' with the script in the 'last_known_version' field; the injected script can then be viewed by clicking the 'pdf' view of the form.

The vulnerable input is specifically the "last_known_version" field found under 'My Settings'; the My Settings form must first be saved.
![alt text](https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ErpNext-1.png?raw=True)

Under the ‘last_known_version’ field we are going to inject our malicious script.
![alt text](https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ErpNext-2.png?raw=True)

To view the injected script, we click the view pdf page; as seen below, the script has been injected successfully.
![alt text](https://github.com/patrickdeanramos/CVE-2022-28598/blob/main/ErpNext-3.png?raw=True)
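
The missing neutralization described above, shown from the fix side as an added example (not code from ERPNext, Frappe, or the authors' repository). The function names, the version pattern and the length limit are hypothetical; it pairs a save-time allowlist for the field with output encoding at render time.

```python
import html
import re

# Assumed shape of a version value such as "12.29.0" or "13.0.0-beta.1".
# The pattern and the 32-character limit are assumptions, not ERPNext rules.
VERSION_RE = re.compile(r"[0-9]+(\.[0-9]+){0,3}(-[A-Za-z0-9.]+)?")

# Constructed sample of a value that was stored before any validation existed.
STORED_VALUE = "<script>alert(1)</script>"


def validate_last_known_version(value):
    """Save-time allowlist: accept only an empty value or a plain version string."""
    if not value:
        return ""
    if len(value) > 32 or not VERSION_RE.fullmatch(value):
        raise ValueError("last_known_version must be a version number")
    return value


def render_row_unsafe(label, value):
    """Flawed pattern: the stored value is concatenated into markup as-is."""
    return "<tr><td>" + label + "</td><td>" + value + "</td></tr>"


def render_row(label, value):
    """Hardened pattern: encode on output, so markup already stored stays inert."""
    return "<tr><td>{}</td><td>{}</td></tr>".format(
        html.escape(label, quote=True), html.escape(value, quote=True)
    )


if __name__ == "__main__":
    print(render_row_unsafe("Last Known Version", STORED_VALUE))
    print(render_row("Last Known Version", STORED_VALUE))
    try:
        validate_last_known_version(STORED_VALUE)
    except ValueError as exc:
        print("rejected:", exc)
```

Validation alone does not cover rows saved before the check existed, which is why the render path encodes as well.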

Authors:<br>
Patrick Dean Ramos<br>
Nathu Nandwani<br>
Junnair Manla<br>