CVE-2023-2822 PoC — Ellucian Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
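Title: Ellucian Cross-Site Scripting Vulnerability (CVE-2023-2822)
Description: Ellucian is an open, flexible, SaaS-enabled technology ecosystem from the company Ellucian. Ellucian Ethos Identity versions before 5.10.5 contain a cross-site scripting vulnerability. It stems from an unknown function in the file /cas/logout, and leads to cross-site scripting via the url parameter.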
Description
Simple Flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.
Readme
# CVE-2023-2822-demo
Simple Flask application to implement an intentionally vulnerable web app to demo CVE-2023-2822.

Based on the writeup at https://medium.com/@cyberninja717/reflected-cross-site-scripting-vulnerability-in-ellucian-ethos-identity-cas-logout-page-685bb1675dfb.

```
docker build -t xss-demo .
docker run -p <host_port>:5000 xss-demo
```

🤖 AIL LEVEL: This Flask app's AI Influence Level is AIL4.
- [The AIL Rating System](https://danielmiessler.com/blog/ai-influence-level-ail/)
- See [how this code was written](https://chat.openai.com/share/d5a85160-24d4-4451-b8c1-148fdca14a18)
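
The flaw class described above, a logout page reflecting its `url` parameter into HTML, shown beside a hardened form. This is an added example, not the code from this repository or from Ellucian; the function names, the page template and the allowlisted host are assumptions.

```python
import html
from urllib.parse import urlsplit

# Assumption: hosts the logout page may link back to (constructed value).
ALLOWED_HOSTS = {"portal.example.edu"}

PAGE = "<p>You have logged out.</p>{link}"


def render_logout_vulnerable(url):
    """Reflects the url parameter into the page without any encoding."""
    link = '<a href="%s">Return to application</a>' % url if url else ""
    return PAGE.format(link=link)


def is_safe_return_url(url):
    """Accept only absolute http(s) URLs whose host is on the allowlist."""
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and host in ALLOWED_HOSTS


def render_logout_hardened(url):
    """Validate the target first, then HTML-encode it for the attribute."""
    if not url or not is_safe_return_url(url):
        # Drop the link rather than echo input that failed validation.
        return PAGE.format(link="")
    encoded = html.escape(url, quote=True)
    return PAGE.format(link='<a href="%s">Return to application</a>' % encoded)


if __name__ == "__main__":
    # Constructed input: allowlisted host, but the path carries markup.
    sample = 'https://portal.example.edu/"><i>constructed</i>'
    print(render_logout_vulnerable(sample))
    print(render_logout_hardened(sample))
```

Validation and encoding are both needed: the constructed sample passes the host allowlist, and only the output encoding keeps its markup inert.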
File Snapshot

```
[4.0K] /data/pocs/3e9f4738b92a902e850a6c7c1b2b28e7cad2c636
├── [ 429] app.py
├── [ 104] Dockerfile
├── [ 603] README.md
├── [4.0K] static
│   └── [ 325] style.css
└── [4.0K] templates
    ├── [ 315] 403.html
    ├── [ 338] home.html
    └── [ 348] logout.html

2 directories, 7 files
```