{"id":56110,"date":"2024-04-06T00:41:15","date_gmt":"2024-04-05T20:41:15","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177948\/derby90rd-xss.txt"},"modified":"2024-04-06T00:41:15","modified_gmt":"2024-04-05T20:41:15","slug":"derbynet-9-0-render-document-php-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/derbynet-9-0-render-document-php-cross-site-scripting\/","title":{"rendered":"DerbyNet 9.0 render-document.php Cross Site Scripting"},"content":{"rendered":"<p>CVE ID: CVE-2024-30920<\/p>\n<p>Description:<br \/>A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the `render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is the application&#8217;s failure to properly sanitize user input in document rendering paths, which permits the injection of malicious scripts.<\/p>\n<p>Vulnerability Type: XSS (Cross Site Scripting)<\/p>\n<p>Vendor of Product:<br \/>DerbyNet &#8211; https:\/\/github.com\/jeffpiazza\/derbynet<\/p>\n<p>Affected Product Code Base:<br \/>DerbyNet &#8211; v9.0<\/p>\n<p>Affected Component:<br \/>render-document.php<\/p>\n<p>Attack Type:<br \/>Remote<\/p>\n<p>Impact:<br \/>Code execution<\/p>\n<p>Root Cause:<br \/>The vulnerability arises from the application&#8217;s display of debug information, including `ORIG_SCRIPT_FILENAME`, `DOCUMENT_URI`, `SCRIPT_NAME`, and `PHP_SELF`. These debug outputs improperly handle user-supplied input by not sanitizing it before inclusion in the output, leading directly to XSS vulnerabilities when malicious inputs are rendered by the browser.<\/p>\n<p>Attack Vectors:<br \/>The vulnerability can be exploited with URLs such as:<br \/>&#8211; `http:\/\/127.0.0.1:8000\/render-document.php\/racer\/&lt;img src=x onerror=alert(1)&gt;`<br \/>&#8211; `http:\/\/127.0.0.1:8000\/render-document.php\/&lt;img src=x onerror=alert(1)&gt;`<\/p>\n<p>Discoverer:<br \/>Valentin Lobstein<\/p>\n<p>References:<br \/>&#8211; http:\/\/derbynet.com<br \/>&#8211; https:\/\/github.com\/jeffpiazza\/derbynet<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID: CVE-2024-30920 Description:A Cross Site Scripting (XSS) vulnerability has been identified in DerbyNet v9.0, specifically within the `render-document.php` component. This vulnerability allows a remote attacker to execute arbitrary code via crafted URLs. The root cause of the vulnerability is the application&#8217;s failure to properly sanitize user input in document rendering paths, which permits the &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-56110","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56110","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=56110"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/56110\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=56110"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=56110"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=56110"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}