Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-9460 PoC — Octech Oempro 跨站脚本漏洞

Source
https://github.com/g-rubert/CVE-2020-9460
Associated Vulnerability
Title:Octech Oempro 跨站脚本漏洞 (CVE-2020-9460)
Description:Octech Oempro是美国Octech公司的一套电子邮件营销软件。 Octech Oempro 4.7版本至4.11版本中的Campaign.Create命令的‘CampaignName’参数存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
Stored Cross Site Scripting - Oempro
Readme
# CVE-2020-9460
```
██╗  ██╗███████╗███████╗
╚██╗██╔╝██╔════╝██╔════╝
 ╚███╔╝ ███████╗███████╗
 ██╔██╗ ╚════██║╚════██║
██╔╝ ██╗███████║███████║
╚═╝  ╚═╝╚══════╝╚══════╝
```                     


**Cross Site Scripting - Oempro**

<p>Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The parameter CampaignName in Campaign.Create is vulnerable.</p>

 ><p><b>Command:</b>Campaign.Create </p>
 ><p><b>Request parameter:</b>CampaignName</p>
 ><p><b>Version:</b> Oempro v4.7 <= v4.11</p>
 ><p><b>Researcher:</b> Guilherme Rubert
 ><p><b>Payload:</b></p>
 
 ```
 "><marquee/onstart=alert("XSS")>
 
 ```
<br>**References:**
<p>https://guilhermerubert.com/blog/cve-2020-9460/</p>
<p>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9460</p>
<p>https://nvd.nist.gov/vuln/detail/CVE-2020-9460</p>
<p>https://www.octeth.com/</p>
File Snapshot

 [4.0K]  /data/pocs/808a1f4dafaebb0b2b3ebc10783d0b902e541bbc
└── [1.1K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.