CVE-2023-2859 PoC — TeamPass Code Injection Vulnerability

Source
Associated Vulnerability
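Title: TeamPass Code Injection Vulnerability (CVE-2023-2859)
Description: TeamPass is an open-source password manager developed by individual developer Nils Laumaillé. Versions of TeamPass before 3.0.9 contain a code injection vulnerability. An attacker can exploit this vulnerability to carry out code injection attacks.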
Description
CVE-2023-2859 Medium Blog
Readme
# CVE-2023-2859: Stored HTML injection in folderName affecting Admin in TeamPass < 3.0.9 - M Nadeem Qazi

Hi,

I have found a major vulnerability in the nilsteampassnet/teampass application that involves stored HTML injection in the FolderName field. By inserting malicious HTML code into the FolderName field, an attacker is able to change the names of folders.

## Vulnerability Details

- Vulnerability Type: Stored HTML Injection
- CVE: CVE-2023-2859
- Software Version: TeamPass < 3.0.9
- Author: M Nadeem Qazi

### Description

The injected payload can be executed when an administrator interacts with a compromised folder, opening the door to a variety of potential attacks. The HTML code that was injected could have malicious scripts, iframes, or other components that were created to attack the administrator's system and jeopardize its security.

### Proof of Concept (PoC)

[![PoC](https://img.youtube.com/vi/ZqY9IOfj7ok/0.jpg)](https://youtu.be/ZqY9IOfj7ok)

## Impact

If this vulnerability is exploited, serious consequences might result:

- Data Theft: When the administrator interacts with the affected folder, malicious code might be injected to collect private data. This includes login information, personal information, and other sensitive data. Data that has been stolen can be exploited for financial fraud, identity theft, and other malicious activities.

- Redirect Attacks: The inserted code may redirect the administrator to a website that the attacker controls. This gives the attacker the ability to influence the admin's browsing, possibly exposing them to further attacks or phishing attempts.

## Mitigation

This vulnerability has been fixed in version 3.0.9 of TeamPass.
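
The defensive pattern for this bug class, as an added example that is not code from TeamPass or from this report: validate folder names on input, encode them on output, and audit names that are already stored. The function names and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not TeamPass functions.

/**
 * Output encoding: render a stored folder name as text, never as markup.
 * The unsafe pattern this replaces is concatenating the raw name into HTML.
 */
function renderFolderName(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Input validation: reject names that are not clean UTF-8 text without markup. */
function isSafeFolderName(string $name): bool
{
    // An empty pattern with /u matches only when the subject is valid UTF-8.
    if ($name === '' || preg_match('//u', $name) !== 1) {
        return false;
    }
    // Angle brackets and control characters have no place in a folder label.
    return preg_match('/[<>\x00-\x1F\x7F]/', $name) !== 1;
}

/** Audit: return the rows (id => name) whose stored name fails validation. */
function auditFolderNames(array $rows): array
{
    return array_filter($rows, fn (string $n): bool => !isSafeFolderName($n));
}

// Constructed sample rows (id => stored name), not taken from a real instance.
$rows = [
    1 => 'Finance',
    2 => 'Ops & Infra',
    3 => '<iframe src="https://example.invalid/"></iframe>',
    4 => 'HR <b>team</b>',
];

foreach (auditFolderNames($rows) as $id => $name) {
    // Print the encoded form so the audit report itself cannot be injected.
    printf("folder %d needs review: %s\n", $id, renderFolderName($name));
}
```

Names stored before an upgrade stay in the database, so an audit pass like this is worth running once alongside the update to 3.0.9.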

## Additional Resources

If you're interested in learning more about my findings, check out the report link on [huntr.dev](https://huntr.dev/bounties/d7b8ea75-c74a-4721-89bb-12e5c80fb0ba/).

You can also follow me for updates on my research and other security-related topics:

- Instagram: [@mnqazi](https://www.instagram.com/mnqazi)
- Twitter: [@mnqazi](https://twitter.com/mnqazi)
- Facebook: [@mnqazi](https://www.facebook.com/mnqazi)
- LinkedIn: [M_Nadeem_Qazi](https://www.linkedin.com/in/m-nadeem-qazi)

Stay safe out there!
File Snapshot

[4.0K] /data/pocs/b96037a2336a96d86064bdd8799e805d52d27dd6
└── [2.2K] README.md

0 directories, 1 file