| 标题 | ZKTeco ZKBio CVSecurity V5000 4.1.0 Filter Bypass leads Stored Cross-Site Scripting to PrivEsc |
|---|
| 描述 | A filter bypass has been identified in the "Department Name" field that results in Stored Cross-Site Scripting (Stored XSS). This vulnerability allows a user with permissions to edit existing fields or add new ones to the system to inject malicious scripts. This script can steal cookies from administrators or other users and potentially escalate privileges or perform other malicious actions.
Technical details:
The filter bypass issue that leads to Stored Cross-Site Scripting occurs as described below:
Access: Navigate to the Personal / Personnel / Department section.
Action: Edit an existing department or add a new one.
Payload Insertion: In the "Department Name" field, enter the following payload:
"><img src=x onerror="alert``"
Impact: Each time a user accesses the Departments list, the script is executed.
Risks and Consequences:
Cookie Theft: The attacker can capture session cookies from administrators and users, enabling session hijacking.
Privilege Escalation: By stealing cookies, an attacker can gain access to restricted areas of the system, performing actions they should not be able to perform.
Malicious Script Execution: The vulnerability allows the injection of scripts that can perform arbitrary actions in the victim's browser, such as redirecting to malicious websites, modifying displayed content, and more. |
|---|
| 来源 | ⚠️ https://www.zkteco.com.br/zkbiocvsecurity/ |
|---|
| 用户 | Stux (UID 40142) |
|---|
| 提交 | 2024-06-06 16時03分 (2 年前) |
|---|
| 管理 | 2024-06-14 17時29分 (8 days later) |
|---|
| 状态 | 已接受 |
|---|
| VulDB条目 | 268693 [ZKTeco ZKBio CVSecurity V5000 4.1.0 Department Section Department Name 跨网站脚本] |
|---|
| 积分 | 20 |
|---|