CVE-2022-37140: POC-DUMP/PayMoney at main · saitamang/POC-DUMP
PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE). The vulnerability exists in the reply ticket function, through which the malicious file is uploaded. A calculator opens when a victim who downloaded the file opens the RTF file.
CVE-2022-37140
# Exploit Title: PayMoney 3.3 is vulnerable to Client Side Remote Code Execution (RCE).
# Date: 24/07/2022
# Exploit Author: saitamang
# Vendor Homepage: https://paymoney.techvill.org/
# Software Link: https://paymoney.techvill.org/
# Version: 3.3
Description
The paymoney.techvill.org system suffers from Client Side Remote Code Execution (RCE) through the upload of a malicious RTF file. The vulnerability exists in the reply ticket function, through which the malicious file is uploaded. A calculator opens when a victim who downloaded the file opens the RTF file.
Attack Vector
The attacker creates the malicious macro file.
The file is then uploaded.
If the user downloads the file, the file can be executed, giving client-side RCE.
The RCE is executed on the client side.
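A server-side check for the upload step described above, as an added example that is not part of the original advisory or PayMoney's code: it classifies a ticket attachment by its content instead of its file name, rejects RTF, and reports any RTF embedded-object control words it finds. The allowlist, the function name and the sample bytes are assumptions constructed for illustration.

```python
import re

# Assumed policy: ticket attachments may only be these types, identified by
# their leading magic bytes rather than by the client-supplied file name.
ALLOWED_MAGIC = {
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}

# Loose RTF prefix so that a truncated "{\rtf1" header is still caught.
RTF_PREFIX = rb"{\rt"

# RTF control words that embed, link or auto-update OLE objects.
# A control word ends at the first non-letter, hence the lookahead.
RTF_OBJECT_WORDS = re.compile(
    rb"\\(object|objdata|objemb|objupdate|objautlink)(?![a-z])"
)


def classify_attachment(filename: str, data: bytes) -> dict:
    """Return an accept/reject decision for an uploaded ticket attachment.

    `filename` is kept only for logging; it never influences the decision.
    """
    if data.lstrip().startswith(RTF_PREFIX):
        found = {m.group(1).decode() for m in RTF_OBJECT_WORDS.finditer(data)}
        return {"file": filename, "accept": False, "detected": "rtf",
                "embedded_objects": sorted(found)}
    for magic, mime in ALLOWED_MAGIC.items():
        if data.startswith(magic):
            return {"file": filename, "accept": True, "detected": mime,
                    "embedded_objects": []}
    return {"file": filename, "accept": False, "detected": "unknown",
            "embedded_objects": []}


# Constructed, inert samples (no real object data).
SAMPLE_RTF = rb"{\rtf1\ansi{\object\objemb\objupdate{\*\objdata 00}}}"
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    # An RTF renamed to .png is still detected and rejected.
    print(classify_attachment("invoice.png", SAMPLE_RTF))
    print(classify_attachment("screenshot.png", SAMPLE_PNG))
```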
CVE-2022-37137
# Exploit Title: PayMoney 3.3 is vulnerable to Stored Cross-Site Scripting (XSS) when replying to a ticket
# Date: 24/07/2022
# Exploit Author: saitamang
# Vendor Homepage: https://paymoney.techvill.org/
# Software Link: https://paymoney.techvill.org/
# Version: 3.3
Description
Stored XSS is obtained by injecting a specially crafted payload into the “Message” field (“description” parameter). The XSS prompt then appears immediately afterwards, or it can be accessed from the view ticket function.
Attack Vector
The user must first create a ticket.
Then, when replying to the ticket, inject the payload below into the “Message” field (“description” parameter) to gain Stored Cross-Site Scripting (XSS).
"><svg/onload=alert(document.cookie)>
The XSS prompt will appear, or it can be accessed from the view ticket function.