CVE-2021-29267 PoC — sherlock SherlockIM 跨站脚本漏洞

Source

https://github.com/Security-AVS/CVE-2021-29267

Associated Vulnerability

Title:sherlock SherlockIM 跨站脚本漏洞 (CVE-2021-29267)
Description:sherlock SherlockIM是美国sherlock公司的一个应用软件。用于在WhatsApp中管理与客户的各种对话。 Sherlock SherlockIM through 2021-03-29 存在跨站脚本漏洞，攻击者可利用api文件附件URI。

Description

SherlockIM ChatBot XSS

Readme

# CVE-2021-29267
SherlockIM ChatBot XSS

[Suggested description]: SherlockIM is vulnerable to Persistent XSS.

[Additional Information]: SherlockIM - Platform for manage all kind of conversations with customers.

[Vulnerability Type]: Cross Site Scripting (XSS)

[Vendor of Product]: https://sherlockim.ae

A letter was sent to the vendor about the vulnerability.

[Attack Type]: Remote

[Attack Vectors]: Attacker uploads malicious HTML file via chat bot. Malicious file is loaded in customer subdomain (every customer has unique subdomain in the sherlockcrm domain). Malicious code in uploaded file successfully executed in "customer.sherlockcrm.ru". Link to uploaded file leaks via chat bot and has the following format: https://customer.sherlockcrm.ru/api/Files/Attachment/unique_ID.html. Link is valid until manual delete. Attacker can attack help desk employees. 

[Discovered]: Alexander Semenenko

[Reference]: https://sherlockim.ae

[Proof of Concept]:

![alt text](https://github.com/Security-AVS/CVE-2021-29267/blob/main/Successful%20execution%20of%20code.png)

File Snapshot


 [4.0K]  /data/pocs/00f83eff038d95beff3eb6f36882fd942d3220bf
├── [1.0K]  README.md
└── [ 79K]  Successful execution of code.png

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!