## https://sploitus.com/exploit?id=PACKETSTORM:172063
CVE-2023-30454  
  
[Description]  
An issue was discovered in ebankIT before version 7.  
Document Object Model based XSS exists within the  
/Security/Transactions/Transactions.aspx  
endpoint. Users can supply their own JavaScript within the  
ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray  
POST parameter that will be passed to an eval() function and executed  
upon pressing the continue button.  
  
------------------------------------------  
  
[Vulnerability Type]  
Cross Site Scripting (XSS)  
  
------------------------------------------  
  
[Vendor of Product]  
ebankIT  
  
------------------------------------------  
  
[Affected Product Code Base]  
ebankIT - Omnichannel Digital Banking Platform - Version 6, patched in version 7  
  
------------------------------------------  
  
[Affected Component]  
The endpoint existing at: /Security/Transactions/Transactions.aspx  
  
------------------------------------------  
  
[Attack Type]  
Remote  
  
------------------------------------------  
  
[Impact Code execution]  
true  
  
------------------------------------------  
  
[Attack Vectors]  
I discovered a Document Object Model-based Cross-Site Scripting issue  
within the ebankIT platform. While manually inspecting the client-side  
JavaScript code I came across the variable JSONText. This variable  
was using the eval function to parse data passed to it through the  
accobj variable. Knowing the eval function evaluates text as  
JavaScript, I proceeded to locate exactly what data was passed to this  
variable. I found that the data could be supplied by a user during a  
Transfer request (on /Security/Transactions/Transactions.aspx), when  
selecting which account to transfer from. To execute this XSS, I  
intercepted our test user's Transfer request, supplied my own custom  
JavaScript alert(4) in the  
ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray  
POST parameter, and pressed the continue button which resulted in  
the payload successfully executing.  
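The pattern described above, an eval() call over a client-controlled accounts array, contrasted with a parser that cannot execute code. This is an added example for illustration and is not ebankIT's code; the POST field name is the one reported in the advisory, while the assumed record shape ({id, label}), the validation rules and the sample inputs are constructed.

```javascript
// Added example, not ebankIT code: shows why eval() over a form field is
// a DOM XSS sink and what the non-executing replacement looks like.

// Field name as reported in the advisory; the record shape below is an
// assumption made for this example.
const ACCOUNTS_FIELD =
  "ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray";

// Canary used only to observe whether a parser executed its input.
globalThis.__canary = 0;

// Vulnerable pattern: the raw field text is handed to eval(), so any
// JavaScript embedded in it runs in the page's origin.
function parseAccountsUnsafe(accobj) {
  return eval(accobj);
}

// Hardened pattern: JSON.parse() never executes code; it yields data or
// throws a SyntaxError. Shape validation then rejects anything that is not
// an array of {id, label} records (rules are assumptions for the example).
function parseAccountsSafe(accobj) {
  let data;
  try {
    data = JSON.parse(accobj);
  } catch (e) {
    throw new Error("accounts array is not valid JSON");
  }
  if (!Array.isArray(data)) {
    throw new Error("accounts array must be a JSON array");
  }
  for (const rec of data) {
    if (typeof rec !== "object" || rec === null || Array.isArray(rec)) {
      throw new Error("account record must be an object");
    }
    if (typeof rec.id !== "string" || !/^[A-Z0-9-]{1,34}$/.test(rec.id)) {
      throw new Error("account id has unexpected format");
    }
    if (typeof rec.label !== "string" || rec.label.length > 64) {
      throw new Error("account label has unexpected format");
    }
  }
  return data;
}

// Runs a parser over an input and reports how many times the canary fired,
// i.e. whether the parser executed the input rather than merely reading it.
function codeExecutions(parser, input) {
  const before = globalThis.__canary;
  try {
    parser(input);
  } catch (e) {
    // Rejection is the expected safe outcome for malformed input.
  }
  return globalThis.__canary - before;
}

// Constructed sample values for the hidden field.
const GOOD = JSON.stringify([{ id: "PT50-0001", label: "Current account" }]);
// Constructed: a well-formed array followed by a statement; only eval() runs it.
const TAMPERED = '[{"id":"PT50-0001","label":"x"}]; globalThis.__canary++';
// Constructed: valid JSON, wrong shape.
const WRONG_SHAPE = '{"id":"PT50-0001"}';

function demo() {
  return {
    field: ACCOUNTS_FIELD,
    unsafeExecutedTampered: codeExecutions(parseAccountsUnsafe, TAMPERED),
    safeExecutedTampered: codeExecutions(parseAccountsSafe, TAMPERED),
    safeParsedGood: parseAccountsSafe(GOOD).length,
  };
}

console.log(demo());
```

Replacing eval() with JSON.parse() removes the code-execution sink, but a hidden field that round-trips the account list through the client should not be trusted at all: the server already knows which accounts the authenticated user may transfer from and should rebuild that list itself rather than accept it back from the form.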
  
------------------------------------------  
  
[Discoverer]  
Jake Murphy