| Field | Value |
|---|---|
| Title | Eastnets PaymentSafe 2.5.26.0 Cross Site Scripting |
| Description | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the BIC Search functionality of the application. This flaw allows an attacker to inject malicious JavaScript payloads, which execute when another user interacts with the compromised entry, potentially leading to session hijacking and full account takeover.<br>1. Log in to the application. (The attacker needs credentials; could be an internal actor.)<br>2. Navigate to "Utilities" and click on "BIC Search".<br>3. Add or edit the entry and add the payload `<img/src="x" onmouseover="confirm(document.domain)">`. The exact payload needs to be entered; please copy and paste it, as special characters like `>` and `<` are a bypass for ASPX applications.<br>4. Save it and hover the mouse over the injected payload; the XSS payload will execute. |
| Source | https://drive.google.com/file/d/1uTRLoCnOGcXtSpoZO8xyPakhIO4MbCMk/view?usp=sharing |
| User | kushkira (UID 60170) |
| Submitted | 2025-02-02 12:25 PM (1 year ago) |
| Moderated | 2025-02-15 03:38 PM (13 days later) |
| Status | Accepted |
| VulDB Entry | 295953 [Eastnets PaymentSafe 2.5.26.0 BIC Search Cross Site Scripting] |
| Points | 20 |