Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-34582 PoC — Sunhillo SureLine 跨站脚本漏洞

Source
https://github.com/silent6trinity/CVE-2024-34582
Associated Vulnerability
Title:Sunhillo SureLine 跨站脚本漏洞 (CVE-2024-34582)
Description:Sunhillo SureLine是美国Sunhillo公司的一款监控产品。 Sunhillo SureLine RICI 5000 8.10.0及之前版本存在跨站脚本漏洞,该漏洞源于 Forgot Password 函数中的 cgi/usrPasswd.cgi userid_change 包含跨站脚本。
Readme
# CVE-2024-34582
Affects the latest versions of Mozilla & Chrome Web Browsers, Sunhillo Rici5k & Sureline

The most current versions of the Web Servers running on the Sunhillo devices are susceptible to Reflected XSS. The vulnerability lies within the `userid_change` parameter within `/cgi/usrPasswd.cgi`. This parameter is copied into the value of an HTML tag when the user attempts to their password using the "Forgot Password" functionality of the webserver.

An attacker can use this vulnerability to construct a request that if issued by another application user, will cause the malicious Javascript code to execute in the context of the user's browser session with the application.
File Snapshot

 [4.0K]  /data/pocs/f92828ffa9ab7b4b55eab03d5be2d7feaee1fbf2
├── [ 436]  POC
└── [ 689]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.