CVE-2020-28415 PoC — Compassplus TranzWare Payment Gateway 跨站脚本漏洞

Source

https://github.com/jet-pentest/CVE-2020-28415

Associated Vulnerability

Title:Compassplus TranzWare Payment Gateway 跨站脚本漏洞 (CVE-2020-28415)
Description:Compassplus TranzWare Payment Gateway是英国Compassplus公司的一个可以提供付款服务的软件。 TranzWare Payment Gateway 3.1.12.3.2版本存在安全漏洞，攻击者可利用该漏洞能够通过精心制作的url执行任意HTML代码。

Readme

# CVE-2020-28415

## [Suggested description]
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).

## [Vulnerability Type]
Cross Site Scripting (XSS)

## [Vendor of Product]
TranzWare

## [Affected Product Code Base]
Payment Gateway 3.1.12.3.2.

## [Attack Type]
Remote

## [Impact Code execution]
true

## [Has vendor confirmed or acknowledged the vulnerability?]
true

## [Reference]
https://compassplus.com/solutions/tranzware/

## [Discoverer]
Vladimir Rotanov (Jet Infosystems (jet.su), Moscow, Russia)

File Snapshot


 [4.0K]  /data/pocs/4b950c7524b4e224d1abff4894df07e37b413767
└── [ 689]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!