CVE-2021-45026 PoC — ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 跨站脚本漏洞

Source

https://github.com/JetP1ane/Zena-CVE-2021-45026

Associated Vulnerability

Title:ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 跨站脚本漏洞 (CVE-2021-45026)
Description:ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).

Readme

# Zena - Stored XSS to RCE Exploit POC

**Exploit POC for Rocket Software's Zena application v. 4.2.1 - Stored XSS to RCE**

[CVE-2021-45025](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45025)

[CVE-2021-45026](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45026)

[https://phoenix-sec.io/2022/06/17/Zena-CookieMonsteRCE.html](https://phoenix-sec.io/2022/06/17/Zena-CookieMonsteRCE.html)

**Credits:** James Barnett and Jeff Green

POC Process:
- Logs into Zena's webconfig page using default credentials
- Drops Stored XSS payload
- Payload needs to be triggered by someone navigating to the webconfig page
- Triggered payload uses REST API backend of Zena to find an agent and build a Task for that agent
- Task is then triggered for agent thus executing the specified command

**To Run:**
- python CookieMonster.py <hostname/ip> <TLS/SSL - True or False> <cmd.exe command>
  - **Example: python3 CookieMonster.py 127.0.0.1 False "/c whoami > c:/out.txt"**

File Snapshot


 [4.0K]  /data/pocs/f29c1673def8b672a57bbc7f464715e8be591361
├── [3.9K]  CookieMonster.py
├── [6.3K]  payload-js.txt
└── [ 982]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!