{"id":20943,"date":"2022-02-22T10:38:33","date_gmt":"2022-02-22T07:38:33","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166068\/thinfinityvirtualui25410-inject.txt"},"modified":"2022-02-22T11:31:37","modified_gmt":"2022-02-22T08:01:37","slug":"thinfinity-virtualui-2-5-41-0-iframe-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/thinfinity-virtualui-2-5-41-0-iframe-injection\/","title":{"rendered":"Thinfinity VirtualUI 2.5.41.0 IFRAME Injection"},"content":{"rendered":"<p dir=\"ltr\">Exploit Title: Thinfinity VirtualUI 2.5.41.0 &#8211; IFRAME Injection<br \/>\nDate: 16\/12\/2021<br \/>\nExploit Author: Daniel Morales<br \/>\nVendor: https:\/\/www.cybelesoft.com<br \/>\nSoftware Link: https:\/\/www.cybelesoft.com\/thinfinity\/virtualui\/<br \/>\nVersion: Thinfinity VirtualUI &lt; v3.0<br \/>\nTested on: Microsoft Windows<br \/>\nCVE: CVE-2021-45092<\/p>\n<p dir=\"ltr\">How it works<br \/>\nBy accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allow being iframed).<\/p>\n<p dir=\"ltr\">Payload<br \/>\nThe vulnerable vector is &#8220;https:\/\/example.com\/lab.html?vpath=\/\/wikipedia.com&#8221; where &#8220;vpath=\/\/&#8221; is the pointer to the external site to be iframed.<\/p>\n<p dir=\"ltr\">Vulnerable versions<br \/>\nIt has been tested in VirtualUI versions 2.1.37.2, 2.1.42.2, 2.5.0.0, 2.5.36.1, 2.5.36.2 and 2.5.41.0.<\/p>\n<p dir=\"ltr\">References<br \/>\nhttps:\/\/github.com\/cybelesoft\/virtualui\/issues\/2<br \/>\nhttps:\/\/www.tenable.com\/cve\/CVE-2021-45092<br \/>\nhttps:\/\/twitter.com\/danielmofer<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Exploit Title: Thinfinity VirtualUI 2.5.41.0 &#8211; IFRAME Injection Date: 16\/12\/2021 Exploit Author: Daniel Morales Vendor: https:\/\/www.cybelesoft.com Software Link: https:\/\/www.cybelesoft.com\/thinfinity\/virtualui\/ Version: Thinfinity VirtualUI &lt; v3.0 Tested on: Microsoft Windows CVE: CVE-2021-45092 How it works By accessing the following payload (URL) an attacker could iframe any external website (of course, only external endpoints that allow &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-20943","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20943","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=20943"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/20943\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=20943"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=20943"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=20943"}],"curies":[{"name":"wp","href":"htt
ps:\/\/api.w.org\/{rel}","templated":true}]}}