CVE-2024-39123 PoC — Calibre-Web Security Vulnerability

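Associated Vulnerability
Title: Calibre-Web Security Vulnerability (CVE-2024-39123)
Description: Calibre-Web is a web application for browsing, reading and downloading e-books from a Calibre database. Calibre-Web versions 0.6.0 through 0.6.21 contain a security vulnerability caused by improper sanitization, which leaves them susceptible to cross-site scripting attacks.
Exploit For: CVE-2024-39123: Stored XSS in Calibre-web 0.6.21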
# CVE-2024-39123: Stored XSS in Calibre-web 0.6.21

## Exploit Details

- **Exploit Title**: Stored XSS in Calibre-web
- **Date**: 2024-05-07
- **Exploit Authors**: Catalin Iovita & Alexandru Postolache (Pentest-Tools.com)
- **Vendor Homepage**: [Calibre-web GitHub Repository](https://github.com/janeczku/calibre-web/)
- **Version**: 0.6.21 - Romesa
- **Tested on**: Linux 5.15.0-107, Python 3.10.12, lxml 4.9.4
- **CVE**: CVE-2024-39123

## Vulnerability Description

Calibre-web 0.6.21 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. This flaw allows an attacker to inject and store malicious scripts on the server. These scripts are subsequently executed in the context of another user's session when that user accesses the affected part of the application.

## Steps to Reproduce

1. **Log In**: Authenticate to the Calibre-web application with a valid user account.
2. **Upload a New Book**: Navigate to the upload section and upload a new book.
3. **Access Books List**: Visit the `/table?data=list&sort_param=stored` endpoint to view the Books List.
4. **Inject Payload**: In the `Comments` field of the uploaded book, insert the following payload:

    ```html
    <a href=javas%1Bcript:alert()>Hello there!</a>
    ```

5. **Save Changes**: Submit the form to save the changes.
6. **Trigger the Payload**: Go to the Book Details of the uploaded book. Click on the description to trigger the stored script. An alert box will appear, indicating the successful execution of the injected script.

## Impact

This vulnerability allows attackers to execute arbitrary JavaScript in the context of other users. This can lead to:

- **Session Hijacking**: Stealing user sessions.
- **Data Manipulation**: Altering or deleting data.
- **Phishing Attacks**: Redirecting users to malicious sites.
- **Information Disclosure**: Exposing sensitive information.

## Mitigation

- **Update**: Users should update to a version of Calibre-web that addresses this vulnerability.
- **Input Sanitization**: Developers should implement strict input validation and output encoding to prevent XSS attacks.
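
The following added example illustrates the input-validation point for link targets; it is neither Calibre-web's code nor its upstream fix. It compares a constructed blocklist check, which the percent-encoded control character (`%1B`) in the payload above slips past, with a fail-closed allow-list check. The function names and the `ALLOWED_SCHEMES` policy are assumptions made for this example.

```python
import re
from urllib.parse import unquote

ALLOWED_SCHEMES = {"http", "https", "mailto"}  # assumed policy, adjust per application
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")       # C0 control characters and DEL

def blocklist_is_safe(href: str) -> bool:
    """Constructed weak check: rejects only a literal 'javascript:' prefix."""
    return not href.strip().lower().startswith("javascript:")

def _fully_decode(value: str, max_rounds: int = 3):
    """Percent-decode until the value stops changing; None if still changing after max_rounds."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    return None  # nested encoding deeper than expected: treat as hostile

def allowlist_is_safe(href: str) -> bool:
    """Fail closed: decode, refuse control characters, then allow-list the scheme."""
    decoded = _fully_decode(href.strip())
    if decoded is None or _CONTROL.search(decoded):
        return False
    # A colon before the first '/', '?' or '#' marks a scheme; otherwise it is relative.
    head = re.split(r"[/?#]", decoded, maxsplit=1)[0]
    if ":" not in head:
        return True
    return head.split(":", 1)[0].lower() in ALLOWED_SCHEMES

# First entry is the href value from the reproduction steps; the rest are constructed.
SAMPLES = [
    "javas%1Bcript:alert()",
    "JaVaScRiPt:alert()",
    "data:text/html,hello",
    "https://example.org/book/12",
    "/book/12#comments",
]

def compare(samples=SAMPLES):
    """Return {href: (blocklist verdict, allow-list verdict)} for each sample."""
    return {s: (blocklist_is_safe(s), allowlist_is_safe(s)) for s in samples}

if __name__ == "__main__":
    for href, (weak, strict) in compare().items():
        print(f"{href!r:34} blocklist={weak!s:5} allowlist={strict}")
```

This check covers link targets only; the output encoding named in the mitigation above is still needed when the comment is rendered.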

## References

- [Calibre-web GitHub Repository](https://github.com/janeczku/calibre-web/)

---
