Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-39197 PoC — HelpSystems Cobalt Strike 跨站脚本漏洞

Source
https://github.com/4nth0ny1130/CVE-2022-39197-fix_patch
Associated Vulnerability
Title:HelpSystems Cobalt Strike 跨站脚本漏洞 (CVE-2022-39197)
Description:An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Description
CVE-2022-39197 bug fix patch
Readme
# CVE-2022-39197-fix_patch
## Usage
Add parameters when starting cobaltstrike
`-javaagent:fixXss-1.0-SNAPSHOT.jar`
File Snapshot

 [4.0K]  /data/pocs/c3607c65dc4e32de4c0acf7d8106afc91cc87553
├── [3.1K]  pom.xml
├── [ 115]  README.md
└── [4.0K]  src
    └── [4.0K]  main
        └── [4.0K]  java
            └── [4.0K]  fixXss
                ├── [2.3K]  JLabelAgent.java
                └── [ 444]  JLabelInterceptor.java

4 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →