CVE-2023-29808 PoC — Companymaps Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
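Title: Companymaps Cross-Site Scripting Vulnerability (CVE-2023-29808)
Description: Companymaps, by the individual developer Maximilian Vogt, displays a company map containing all desks and employees. Companymaps version 8.0 contains a security vulnerability that stems from a cross-site scripting (XSS) flaw, which allows an attacker to execute arbitrary code.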
Readme
# Exploit Title: Reflected Cross Site Scripting

- Google Dork:
- Date: 27.04.2023
- Exploit Author: Lucas Noki (0xPrototype)
- Vendor Homepage: https://github.com/vogtmh
- Software Link: https://github.com/vogtmh/cmaps
- Version: 8.0
- Tested on: Mac, Windows, Linux
- CVE: CVE-2023-29808

*Description:*

The vulnerability is reflected cross-site scripting (XSS). When the `/index.php?map=overview&findme=` endpoint receives a request whose `findme` parameter contains a malicious payload, an XSS attack is possible. This happens because the input isn't sanitized.

*Steps to reproduce:*

1. Clone the repository and install the application
2. Send a maliciously crafted payload via the `findme` parameter to the following endpoint: `/index.php?map=overview&findme=`
3. The payload used is: `";alert(document.cookie)//`
4. Simply visiting the complete URL `http://IP/index.php?map=overview&findme=";alert(document.cookie)//` is enough. An alert box should now pop up with your current cookie value.

<img src="Screenshot 2023-05-03 at 17.56.59.png" alt="Screenshot 2023-05-03 at 17.56.59" style="zoom:50%;" />

Special thanks go out to iCaotix, who greatly helped me in getting the environment set up as well as debugging my payload.
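
The fix for the unsanitized `findme` value, shown as an added example that is not part of the original README or the cmaps code base. It assumes the value is echoed into a double-quoted JavaScript string literal, which is inferred from the shape of the payload in step 3; the function names, the variable name `findme` in the script, and the allow-list rule are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical reconstruction of the sink: the request value is concatenated
// into a double-quoted JavaScript string literal. Not the cmaps source.
function render_vulnerable(string $findme): string
{
    return '<script>var findme = "' . $findme . '";</script>';
}

// Hardened form for a JavaScript-string context: json_encode() emits a quoted,
// escaped JS literal; the JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX
// so the value cannot close the string or the surrounding <script> element.
function render_hardened(string $findme): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_INVALID_UTF8_SUBSTITUTE | JSON_THROW_ON_ERROR;
    return '<script>var findme = ' . json_encode($findme, $flags) . ';</script>';
}

// Optional allow-list in front of the encoder. The accepted alphabet and the
// 64-character limit are assumptions about what a search term looks like.
function validate_findme(string $raw): ?string
{
    return preg_match('/\A[\p{L}\p{N} ._\'-]{1,64}\z/u', $raw) === 1 ? $raw : null;
}

// Constructed sample inputs: a normal search term and the value from step 3.
$samples = ["O'Brien", '";alert(document.cookie)//'];

foreach ($samples as $raw) {
    echo 'input:      ', $raw, PHP_EOL;
    echo 'vulnerable: ', render_vulnerable($raw), PHP_EOL;
    echo 'hardened:   ', render_hardened($raw), PHP_EOL;
    echo 'allow-list: ', validate_findme($raw) === null ? 'rejected' : 'accepted', PHP_EOL, PHP_EOL;
}
```

If the application also reflects the same value into HTML text or an attribute, that sink needs `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` instead, since the encoding must match the output context.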
File Snapshot

[4.0K] /data/pocs/cff68c677075faad9b3944f4ecb48aad87178864
├── [1.2K] README.md
└── [115K] Screenshot 2023-05-03 at 17.56.59.png

0 directories, 2 files