CVE-2021-45092 PoC — Cybele Software Thinfinity VirtualUI 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-45092.yaml

Associated Vulnerability

Title:Cybele Software Thinfinity VirtualUI 安全漏洞 (CVE-2021-45092)
Description:Cybele Software Thinfinity VirtualUI是美国Cybele Software公司的一款支持将远程Windows应用程序嵌入到标准Web应用程序中，从而可以与Javascript编程进行双向交互的解决方案。 Cybele Software Thinfinity VirtualUI 3.0之前版本存在安全漏洞，攻击者可以通过lab.html中的vpath参数进行IFRAME注入。

Description

A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default  could allow IFRAME injection via the "vpath" parameter.

File Snapshot


 id: CVE-2021-45092

info:
  name: Thinfinity Iframe Injection
  author: danielmofer
  severity: crit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!