Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-9758 PoC — LiveZilla Live Chat 跨站脚本漏洞

Source
https://github.com/ari034/CVE-2020-9758
Associated Vulnerability
Title:LiveZilla Live Chat 跨站脚本漏洞 (CVE-2020-9758)
Description:LiveZilla Live Chat是德国LiveZilla公司的一套免费的在线客服系统。该系统提供实时监测访客、离线留言、GeoTracking地图跟踪、访问统计、在线聊天等功能。 LiveZilla Live Chat 8.0.1.3(Helpdesk)版本中的chat.php文件的‘name’函数存在安全漏洞。攻击者可利用该漏洞获取helpdesk员工的用户名和密码,提升权限,完全控制账户。
Description
Form submission for vulnerability in livezilla
Readme
CVE-2020-9758


> [Description]
> An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3
> (Helpdesk). A blind JavaScript injection lies in the name parameter.
> Triggering this can fetch the username and passwords of the helpdesk
> employees in the URI. This leads to a privilege escalation, from
> unauthenticated to user-level access, leading to full account
> takeover. The attack fetches multiple credentials because they are
> stored in the database (stored XSS). This affects the mobile/chat URI
> via the lgn and psswrd parameters.
>
> ------------------------------------------
>
> [Additional Information]
> The leakage of credentials through the URI may be the result of the autologin feature.
> Also more parameters in the chat.php form may be vulnerable.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Livezilla
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Livechat Helpdesk - 8.0.1.3
>
> ------------------------------------------
>
> [Affected Component]
> Input URL : https://livechat.example.com/chat.php
> Vulnerable Parameter : name
> Affected URL : https://livechat.example.com/mobile/chat?lgn=base64_encoded(username)&psswrd=base64_encoded(password)
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Blind Unauthenticated Stored XSS
>
> ------------------------------------------
>
> [Reference]
> https://www.livezilla.net
>
> ------------------------------------------
>
> [Discoverer]
> Arihant Singh
File Snapshot

 [4.0K]  /data/pocs/54ad189719dfa48749759c3b66bea982e5027cd1
└── [1.8K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.