Vendor: GoAhead Web Server
By: Syed Affan Ahmed (ZEROXINN)
CVSS: 4.1 MEDIUM
HTML Injection
CWE: 79
Product Name: GoAhead Web Server
Affected Version From: 45414
Affected Version To: Potentially other versions
Patch Exists: NO
Related CWE: CVE-2023-XXXX
CPE: a:embedthis:goahead_web_server:2.5
Metasploit:
Other Scripts:
Platforms Tested: ZTE AC3630
2023

GoAhead Web Server 2.5 – ‘goform/formTest’ Multiple HTML Injection Vulnerabilities

The GoAhead Web Server version 2.5 is vulnerable to multiple HTML injection flaws because it lacks proper input validation. Exploiting this vulnerability allows an attacker to have malicious HTML code rendered within the context of the affected site.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation mechanisms to sanitize user-supplied input and prevent the execution of malicious HTML code.
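
One way to apply this mitigation at the point where the values reach the page, as an added example (not GoAhead's code and not part of the original advisory): the `name` and `address` values are HTML-encoded before they are written into the response, and the handler fails closed if the encoded text does not fit. `html_escape` and `render_form_test` are hypothetical names, and the response markup is an assumption about how such a handler echoes its input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Escape HTML metacharacters in `in` into `out` (capacity `cap`, incl. NUL).
 * Returns the escaped length, or -1 if it does not fit (fail closed: the
 * caller should send an error page, never a truncated entity). */
int html_escape(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    if (cap == 0) return -1;
    for (; *in; in++) {
        const char *rep;
        char one[2] = { *in, '\0' };
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t len = strlen(rep);
        if (n + len >= cap) { out[0] = '\0'; return -1; }
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Hypothetical stand-in for a form handler that echoes two query values. */
int render_form_test(const char *name, const char *address, char *body, size_t cap)
{
    char n[256], a[256];
    if (html_escape(name, n, sizeof n) < 0 || html_escape(address, a, sizeof a) < 0)
        return -1;
    int w = snprintf(body, cap, "<h2>Name: %s, Address: %s</h2>", n, a);
    return (w < 0 || (size_t)w >= cap) ? -1 : w;
}

int main(void)
{
    char body[1024];
    /* Constructed input matching the parameter values in the page's PoC URL. */
    if (render_form_test("<h1>Hello</h1>", "<h1>World</h1>", body, sizeof body) > 0)
        puts(body);
    return 0;
}
```

Encoding at output time means the browser displays the submitted markup as text, whatever characters the input contained.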

Exploit-DB raw data:

# Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Syed Affan Ahmed (ZEROXINN)
# Vendor Homepage: https://www.embedthis.com/goahead/
# Affected Version: 2.5 may be others.
# Tested On Version: 2.5 in ZTE AC3630

---------------------------POC---------------------------

GoAhead Web Server Version 2.5 is prone to Multiple HTML-injection vulnerabilities due to inadequate input validation.

HTML Injection can cause the ability to execute within the context of that site.

http://192.168.0.1/goform/formTest?name=<h1>Hello</h1>&address=<h1>World</h1>