CVE-2023-6710 PoC — Mod_cluster/mod_proxy_cluster: stored cross site scripting

Source
Associated Vulnerability
Title: Mod_cluster/mod_proxy_cluster: stored cross site scripting (CVE-2023-6710)
Description: A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host and adds the script to the cluster-manager page.
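
For defenders triaging exposure, the following added example (not part of the PoC repository or of mod_proxy_cluster) scans web access logs for `alias` values that do not look like virtual host names, and returns each one with the HTML-escaped form a page would need when displaying it. Assumptions: the manager path is `/cluster-manager` as in the README's usage, the parameter arrives in the query string and is matched case-insensitively, logs are in combined format, and the hostname character allow-list is a heuristic.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl, unquote

MANAGER_PATH = "/cluster-manager"  # from the README's usage; adjust to your configuration
# Assumption: an alias names a virtual host, so only hostname characters are expected.
HOSTNAME_OK = re.compile(r"[A-Za-z0-9.\-:]+")
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD|PUT) (\S+) HTTP/[\d.]+"')

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_aliases(log_lines):
    """Return (line_no, decoded_alias, html_escaped_alias) for non-hostname alias values."""
    findings = []
    for line_no, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        if not target.path.startswith(MANAGER_PATH):
            continue
        for name, value in parse_qsl(target.query):
            if name.lower() != "alias":
                continue
            decoded = fully_decode(value)
            if not HOSTNAME_OK.fullmatch(decoded):
                findings.append((line_no, decoded, html.escape(decoded)))
    return findings

# Constructed sample access-log lines (combined log format), not captured traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cluster-manager?alias=app1.example.com HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /cluster-manager?Alias=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /cluster-manager?alias=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?alias=%3Cb%3E HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line_no, raw, escaped in suspicious_aliases(SAMPLE_LOG):
        print(f"line {line_no}: alias={raw!r} -> render as {escaped!r}")
```

A hit in the logs means the value may already be stored, so the cluster-manager page itself should be reviewed for the injected virtual host as well.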
Description
Welcome to the Metasploit Exploits Repository, your go-to resource for a comprehensive collection of cutting-edge exploits designed for penetration testing and ethical hacking. Developed and maintained by Mohamed Mounir Boudjema, this repository is crafted with a deep understanding of the evolving landscape of cybersecurity.
Readme
# CVE-2023-6710 Exploit POC
Explore the depths of CVE-2023-6710 with Metasploit and our comprehensive Proof of Concept (PoC). This CVE, identified as a potential security vulnerability, has been meticulously examined to demonstrate its impact and provide a hands-on understanding of the associated risks.

# Installation
- git clone https://github.com/DedSec-47/Metasploit-Exploits-CVE-2023-6710.git 
- cd Metasploit-Exploits-CVE-2023-6710
- sudo mv mod_cluster_xss.rb /usr/share/metasploit-framework/modules/auxiliary/scanner/mod_cluster_stored_xss.rb


# Usage
- use auxiliary/scanner/mod_cluster_stored_xss
- set rhosts https://www.example.com
- set targeturi /cluster-manager
- set rport 443
- set ssl true
- exploit

# Disclaimer
This script is provided solely for educational and research purposes. Please use it responsibly and only on systems for which you have explicit permission to test. Unauthorized or malicious use of this script could lead to legal consequences and ethical concerns. Ensure that you adhere to ethical guidelines and respect the privacy and security of others.



File Snapshot

[4.0K] /data/pocs/d87aa63e2e3577f67f9af9585ec05e947cd50745
├── [1.0K] LICENSE
├── [3.6K] mod_cluster_xss.rb
└── [1.1K] README.md

0 directories, 3 files