Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-39197 PoC — HelpSystems Cobalt Strike 跨站脚本漏洞

Source
https://github.com/hluwa/cobaltstrike_swing_xss2rce
Associated Vulnerability
Title:HelpSystems Cobalt Strike 跨站脚本漏洞 (CVE-2022-39197)
Description:An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike payload, and then modify the username field in the payload (or create a new payload with the extracted information and then modify that username field to be malformed).
Description
CVE-2022-39197
File Snapshot

 [4.0K]  /data/pocs/da9f23f385211b1d75b5e747da4cfd50b7d6ef70
├── [ 851]  demo.java
├── [4.0K]  libs
│   ├── [4.1M]  batik-all-1.15.jar
│   ├── [ 24K]  org.w3c.dom.smil-1.0.1.v200903091627.jar
│   ├── [ 15K]  sac-1.3.jar
│   └── [ 86K]  svg-1.1.0.jar
├── [ 119]  payload.html
├── [1.4K]  payload.jar
├── [ 208]  payload.svg
└── [ 773]  SVGHandler.java

1 directory, 9 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →