CVE-2017-14651 PoC: WSO2 Data Analytics Server Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
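Title: WSO2 Data Analytics Server Cross-Site Scripting Vulnerability (CVE-2017-14651)
Description: WSO2 Data Analytics Server is a data analytics server from the US company WSO2 that provides real-time analysis of data streams, complex event processing, machine learning and other functions. The file carbon/resources/add_collection_ajaxprocessor.jsp in WSO2 Data Analytics Server 3.1.0 contains a cross-site scripting vulnerability. A remote attacker can exploit it via the 'collectionName' or 'parentPath' parameter to hijack a logged-in user's session, change the logged-in user's password, and invalidate the user's session.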
Description
WSO2 Data Analytics Server 3.1.0 is susceptible to cross-site scripting in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.
File Snapshot

id: CVE-2017-14651 info: name: WSO2 Data Analytics Server 3.1.0 - Cross-Site Scripting author: ...