[Description]
NeDi 1.9C is vulnerable to reflected cross-site scripting. The
Other-Converter.php file improperly validates
user input. An attacker can exploit this
vulnerability by crafting arbitrary JavaScript
in the txt GET parameter.
------------------------------------------
[Additional Information]
Steps to Reproduce:
1. Log in with valid credentials.
2. Go to https://ip-nedi/Other-Converter.php?txt="><script>alert(document.domain)</script>
------------------------------------------
[Vulnerability Type]
Cross Site Scripting (XSS)
------------------------------------------
[Vendor of Product]
Nedi-FindIt
------------------------------------------
[Affected Product Code Base]
Nedi - 1.9C
------------------------------------------
[Affected Component]
Other-Converter.php
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
An attacker can exploit this vulnerability by crafting arbitrary
JavaScript ("><script>alert(document.domain)</script>) in the `txt` GET
parameter of Other-Converter.php, resulting in execution of the
JavaScript. Due to this flaw, an attacker can hijack the user's
session.
------------------------------------------
[Reference]
http://www.nedi.ch/download/
------------------------------------------
[Discoverer]
Preetham Bomma
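
The following is an added example, not NeDi's code and not the discoverer's: a PHP sketch of the flaw class described above, showing a raw reflection of `txt` beside an output-encoded one. The function names, the `<input>` markup and the assumption that `txt` is reflected inside a double-quoted attribute (suggested by the payload's leading `">`) are hypothetical.

```php
<?php
// Added example; not NeDi source code. Function names and markup are hypothetical.

// Read a query parameter as a string; txt[]=x would otherwise arrive as an array.
function get_param(array $query, string $name): string {
    $v = $query[$name] ?? '';
    return is_string($v) ? $v : '';
}

// Vulnerable pattern: raw value placed inside a double-quoted attribute.
function render_unsafe(string $txt): string {
    return '<input name="txt" value="' . $txt . '">';
}

// Hardened: HTML-encode at output time, including both quote characters.
function render_safe(string $txt): string {
    $enc = htmlspecialchars($txt, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input name="txt" value="' . $enc . '">';
}

// Constructed request, using the value from the reproduction step above.
$query = ['txt' => '"><script>alert(document.domain)</script>'];
$txt = get_param($query, 'txt');

$unsafe = render_unsafe($txt);
$safe = render_safe($txt);

// The raw rendering closes the attribute and the tag, so <script> becomes markup.
var_dump(strpos($unsafe, '<script>') !== false);
// The encoded rendering carries no tag delimiters or quotes from the input.
var_dump(strpos($safe, '<script>') === false);
echo $safe, "\n";
```

Encoding at the point of output is the fix for the reflection itself; marking the session cookie HttpOnly additionally limits the session-hijack impact listed under Attack Vectors.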