CVE-2024-24035 PoC — Setor Informatica SIL 安全漏洞

Source

https://github.com/ELIZEUOPAIN/CVE-2024-24035

Associated Vulnerability

Title:Setor Informatica SIL 安全漏洞 (CVE-2024-24035)
Description:Setor Informatica SIL是Setor Informatica公司的一种用于连接医学实验室的解决方案。 Setor Informatica SIL 3.1版本存在安全漏洞。攻击者利用该漏洞通过 hmessage 参数运行任意代码。

Readme

# CVE-2024-24035

Title The SIL 3.1 is vulnerable to Cross Site Scripting (XSS) in the "hmessage" parameter.

Date: 2024-01-14

Author: Elizeu Das Dores

Vendor Homepage: https://www.setorinformatica.com/

Version: 3.1

# POC CVE-2024-24035

The "hmessage" parameter is vulnerable to DOM Based Cross Site Scripting (XSS). 
![dom xss](https://github.com/ELIZEUOPAIN/CVE-2024-24035/assets/102467898/1b7d6053-bc5f-4e92-95ba-1fc211b05822)

File Snapshot


 [4.0K]  /data/pocs/7d3d9b6f8e0bfdfa8d411c15ca7b531e4c046435
└── [ 435]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!