CVE-2020-28351 PoC — Mitel ShoreTel 跨站脚本漏洞

Source

https://github.com/dievus/CVE-2020-28351

Associated Vulnerability

Title:Mitel ShoreTel 跨站脚本漏洞 (CVE-2020-28351)
Description:Mitel ShoreTel是加拿大敏迪（Mitel）的一个通讯平台。 Mitel ShoreTel 19.46.1802.0版本 conferencing component 存在跨站脚本漏洞，该漏洞源于HOME MEETING&页面上对时区对象的验证不足。攻击者可利用该漏洞进行反射跨站点脚本攻击(通过路径信息到index.php)。

Description

CVE-2020-28351 - Reflected Cross-Site Scripting attack in ShoreTel version 19.46.1802.0.

Readme

# ShoreTel 19.46.1802.0 Reflected Cross Site Scripting Attack

The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting attack (XSS) via the PATH_INFO to index.php, due to insufficient validation for the time_zone object in the HOME_MEETING& page.

Vulnerable payload
/index.php/%22%20onmouseover=alert(document.domain)%20?page=HOME

Vulnerability is in the HOME_MEETINGS& page, where a time_zone dropdown object is located.  Upon executing the payload, the exploit executes when the mouse is rolled over the dropdown menu object.

Discovered by Joe Helle, November 2020.  CVE issued 11/8/2020.

See the CVE listed here: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28351

File Snapshot


 [4.0K]  /data/pocs/92ff7b8fa5824f5e7824cc9b03e41f10d05e895c
├── [ 22K]  burprequest.png
├── [9.4K]  code review.png
├── [ 776]  README.md
└── [ 26K]  shortel rxss.png

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!