Share
## https://sploitus.com/exploit?id=PACKETSTORM:172145
# Exploit Title: Reflected Cross Site Scripting  
  
- Google Dork:  
- Date: 27.04.2023  
- Exploit Author: Lucas Noki (0xPrototype)  
- Vendor Homepage: https://github.com/vogtmh  
- Software Link: https://github.com/vogtmh/cmaps  
- Version: 8.0  
- Tested on: Mac, Windows, Linux  
- CVE : CVE-2023-29808  
  
*Description:*  
  
The vulnerability found is Reflected Cross Site Scripting. When the `/index.php?map=overview&findme=` endpoint is hit with a request where the "findme" parameter contains a malicious payload we have the possibility to perform an XSS attack. This happens because the input isn't sanitized.  
  
*Steps to reproduce:*  
  
1. Clone the repository and install the application  
2. Send a maliciously crafted payload via the "findme" parameter to the following endpoint: /index.php?map=overview&findme=  
3. The payload used is: ";alert(document.cookie)//  
4. Simply visiting the complete URL: http://IP/index.php?map=overview&findme=";alert(document.cookie)// is enough. Now an alertbox should pop up with your current cookie value. <img src="Screenshot 2023-05-03 at 17.56.59.png" alt="Screenshot 2023-05-03 at 17.56.59" style="zoom:50%;" />  
  
Special thanks goes out to iCaotix who greatly helped me in getting the environment setup as well as debugging my payload.