Vendor: GoAhead Web Server
By: Syed Affan Ahmed (ZEROXINN)
CVSS: 4.1 (MEDIUM)
Vulnerability Type: HTML Injection
CWE: 79
Product Name: GoAhead Web Server
Affected Version From: 2.5
Affected Version To: 2.5
Patch Exists: NO
Related CWE:
CPE: a:embedthis:goahead_web_server:2.5
Metasploit:
Other Scripts:
Platforms Tested: ZTE AC3630
2023

GoAhead Web Server 2.5 – ‘goform/formTest’ Multiple HTML Injection Vulnerabilities

Multiple HTML injection vulnerabilities exist in GoAhead Web Server version 2.5 due to insufficient input validation. Exploiting them allows an attacker to inject HTML code that executes within the context of the affected site.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input to prevent HTML injection attacks.

Exploit-DB raw data:

# Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Syed Affan Ahmed (ZEROXINN)
# Vendor Homepage: https://www.embedthis.com/goahead/
# Affected Version: 2.5 may be others.
# Tested On Version: 2.5 in ZTE AC3630

---------------------------POC---------------------------

GoAhead Web Server Version 2.5 is prone to Multiple HTML-injection vulnerabilities due to inadequate input validation.

HTML Injection can cause the ability to execute within the context of that site.

http://192.168.0.1/goform/formTest?name=<h1>Hello</h1>&address=<h1>World</h1>