CVE-2020-8115 PoC — Revive Adserver 跨站脚本漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-8115.yaml

Associated Vulnerability

Title:Revive Adserver 跨站脚本漏洞 (CVE-2020-8115)
Description:Revive Adserver是Revive Adserver团队的一套开源的广告管理系统。该系统提供广告投放、广告位管理、数据统计等功能。 Revive Adserver 5.0.3及之前版本中的afr.php文件（可公开访问）中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Description

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.

File Snapshot


 id: CVE-2020-8115

info:
  name: Revive Adserver <=5.0.3 - Cross-Site Scripting
  author: madrobot,d

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!