Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-1719 PoC — Bitrix24 安全漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2023/CVE-2023-1719.yaml
Associated Vulnerability
Title:Bitrix24 安全漏洞 (CVE-2023-1719)
Description:Bitrix24是美国Bitrix公司的一套企业社交平台。该平台包括在线通讯、日历管理和CRM(客户关系管理)等功能。 Bitrix24 22.0.300版本存在安全漏洞,该漏洞源于文件/main/tools.php存在安全漏洞。攻击者可利用该漏洞枚举服务器上的附件,或在受害者的浏览器中执行任意JavaScript代码。
Description
Global variable extraction in bitrix/modules/main/tools.php in Bitrix24 22.0.300 allows unauthenticated remote attackers to (1) enumerate attachments on the server and (2) execute arbitrary JavaScript code in the victim’s browser, and possibly execute arbitrary PHP code on the server if the victim has administrator privilege, via overwriting uninitialised variables.
File Snapshot

 id: CVE-2023-1719

info:
  name: Bitrix Component - Cross-Site Scripting
  author: DhiyaneshDk
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.