
CVE-2024-41640 PoC — AML Surety Eco security vulnerability

Associated Vulnerability
Title: AML Surety Eco security vulnerability (CVE-2024-41640)
Description: AML Surety Eco is an end-to-end BSA/AML ecosystem from AML. AML Surety Eco 3.5 and earlier contain a security vulnerability that stems from a cross-site scripting (XSS) flaw; an attacker can run arbitrary code through a specially crafted GET request.
# Description
AML Surety Eco up to version 3.5 is affected by an unauthenticated reflected cross-site scripting (XSS) vulnerability.

The target web application handles errors in a dedicated error page (accessible without any authentication) that takes a URL parameter whose value is not sanitized. The web application reflects the supplied parameter value into the page, so a malicious payload executes JavaScript in the victim's browser.
# Risk
- Severity: Medium
- CVSS v3.1 Score: 5.4
- CVSS v3.1 Vector: [**AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L**](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L&version=3.1)
# Affected Resources
- Version: up to AML Surety Eco v3.5
- https://<application-baseurl>/Surety3Eco/AppError.aspx

The vulnerable parameter:
- `id`
# Evidence
It is possible to inject a JavaScript payload in the `id` URL parameter.

![image_1](./images/image_1.png)


An attacker can send a victim a URL carrying the JavaScript payload; opening it in the browser results in the execution of the JavaScript code.

![image_2](./images/image_2.png)
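The following Python is an added example and is not code from the AML Surety Eco project (whose source is not on this page). It reproduces the pattern described above, an error page that echoes an `id` query parameter, beside the standard fix of HTML-encoding the value before it reaches the markup, and adds a coarse access-log check that flags requests to the `AppError.aspx` path whose decoded `id` carries HTML or script metacharacters. The page template, the log lines and the `<script>` probe value are constructed for illustration.

```python
"""Reflected XSS in an error page: raw vs. encoded reflection, plus a log check.

Constructed example, not the vendor's code. The template, the sample log and the
probe value are assumptions made for illustration only.
"""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed template: an error page that echoes the request's `id` into a text node.
_TEMPLATE = ("<html><body><h1>Application error</h1>"
             "<p>Error reference: {id}</p></body></html>")


def render_error_page(id_value: str, encode_output: bool = True) -> str:
    """Render the error page.

    encode_output=False reproduces the vulnerable behaviour (the value is copied
    into the HTML as-is). encode_output=True applies HTML entity encoding, the
    correct neutralisation for a value placed inside an HTML text node.
    """
    shown = html.escape(id_value, quote=True) if encode_output else id_value
    return _TEMPLATE.format(id=shown)


def reflects_unescaped(page: str, value: str) -> bool:
    """True when `value` contains markup characters and appears verbatim in the
    page, i.e. untrusted input reached the HTML without being neutralised."""
    return value in page and any(c in value for c in "<>\"'")


# Detection side: coarse heuristic for markup or a javascript: URL in the `id`.
_SUSPICIOUS = re.compile(r"<|>|javascript:", re.IGNORECASE)
_REQUEST_LINE = re.compile(r'^(\S+) .*"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_error_page_requests(log_lines):
    """Return (client_ip, decoded_id) for each common-log-format request to
    /Surety3Eco/AppError.aspx whose `id` parameter decodes to a value with
    HTML/JS metacharacters. Double URL-encoding is unwrapped as well."""
    hits = []
    for line in log_lines:
        m = _REQUEST_LINE.search(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.lower().endswith("/surety3eco/apperror.aspx"):
            continue
        # parse_qs already URL-decodes once; a second unquote catches %253C-style input.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            decoded = unquote(raw)
            if _SUSPICIOUS.search(decoded):
                hits.append((client, decoded))
    return hits


# Constructed sample log lines (RFC 5737 documentation addresses, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jul/2024:12:00:01 +0000] "GET /Surety3Eco/AppError.aspx?id=4021 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [10/Jul/2024:12:00:09 +0000] "GET /Surety3Eco/AppError.aspx?id=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1580',
    '203.0.113.9 - - [10/Jul/2024:12:01:12 +0000] "GET /Surety3Eco/Login.aspx?id=%3Cb%3E HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    probe = "<script>alert(1)</script>"   # constructed canary value
    print("raw reflection unsafe:", reflects_unescaped(render_error_page(probe, encode_output=False), probe))
    print("encoded reflection unsafe:", reflects_unescaped(render_error_page(probe), probe))
    print("flagged requests:", suspicious_error_page_requests(SAMPLE_LOG))
```

Output encoding has to match the insertion context: `html.escape` is right for an HTML text node or quoted attribute, but a value placed inside a `<script>` block or an event handler needs JavaScript-string encoding instead, and a value used as a URL needs percent-encoding. The log heuristic is deliberately coarse and will miss payloads that avoid angle brackets; it is a triage aid for spotting probing of the error page, not a replacement for fixing the reflection.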