CVE-2023-47488 PoC — Combodo iTop Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
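Title: Combodo iTop Cross-Site Scripting Vulnerability (CVE-2023-47488)
Description: Combodo iTop is an open-source web application from the French company Combodo, built on ITIL and used for the day-to-day operation of IT environments. It provides incident management, configuration management and problem management functions. Combodo iTop v.3.1.0-2-11973 contains a cross-site scripting vulnerability: a local attacker can obtain sensitive information by supplying a crafted script through the attrib_manager_id parameter on the information page and the id parameter on the contact page.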
File Snapshot

[4.0K] /data/pocs/03268221895378fa49e25490f31dbf7dbd93d9d7
├── [127K] 00.png
├── [139K] 0.png
├── [138K] 1.png
├── [ 98K] 2.png
├── [ 98K] 3.png
├── [ 98K] 4.png
├── [ 26K] 5.png
├── [ 10K] 6.png
├── [ 216] 7.txt
├── [117K] 8.png
├── [7.9K] index.html
├── [904K] last.gif
└── [ 11K] styles.css

0 directories, 13 files