Submitty Cross-Site Scripting Vulnerability

Vulnerability ID 2030900 Vulnerability type Cross-site scripting
Published 2020-05-21 Updated 2020-05-21
CVE ID CVE-2020-12882

CNNVD-ID CNNVD-202005-821
Platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2020050169
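http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202005-821
|Vulnerability details
Submitty is an open-source course management system. It supports course management, assignment submission, exams, a grading system, and other functions.
Submitty 20.04.01 and earlier contain a cross-site scripting vulnerability. The vulnerability stems from the web application's lack of proper validation of client-supplied data. An attacker can exploit it to execute client-side code.
|Vulnerability EXP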
# Exploit Title: Submitty 20.04.01 - Persistent Cross-Site Scripting
# Date: 2020-05-15
# Exploit Author: humblelad
# Vendor Homepage: http://submitty.org/
# Software Link: https://github.com/Submitty/Submitty/releases
# Version: 20.04.01
# Tested on: Mac Os Catalina
# CVE : CVE-2020-12882
Description:
Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated
by an attack by a Student against a Teaching Fellow. This vulnerability can potentially enable any student to take over the account of TA if they open the attachment as the cookie gets exposed.
1. As student login, via student:student
2. Go here http://localhost:1501/s20/tutorial/gradeable/01_simple_python (as ex.)
3. In the new submission upload the malicious .svg file with any xss payload.
Login as ta and open the same for grading. The XSS gets triggered alerting the cookies.
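
An upload-side check for the SVG case described above, as an added example that is not part of the original advisory and is not Submitty's own fix. The function name `svg_findings`, the tag deny-list and the sample files are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed deny-list for this example; a strict allow-list of tags is tighter.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}

def local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree adds to tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()

def svg_findings(data: bytes) -> list[str]:
    """Return reasons to reject an uploaded SVG; an empty list means none found."""
    try:
        text = data.decode("utf-8-sig")  # accept UTF-8 only, so the checks see real text
    except UnicodeDecodeError:
        return ["not UTF-8 text"]
    lowered = text.lower()
    if "<!doctype" in lowered or "<!entity" in lowered:
        # Refuse before parsing: the stdlib parser expands internal entities.
        return ["DTD or entity declaration"]
    try:
        root = ET.fromstring(text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings = []
    if local(root.tag) != "svg":
        findings.append(f"root element is <{local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"<{tag}> element")
        for attr, value in el.attrib.items():
            name = local(attr)
            compact = "".join(ch for ch in value if ch > " ").lower()
            if name.startswith("on"):
                findings.append(f"event handler attribute '{name}' on <{tag}>")
            elif "javascript:" in compact or (name == "href" and compact.startswith("data:")):
                findings.append(f"script-capable URL in '{name}' on <{tag}>")
    return findings

# Constructed sample uploads (not taken from the advisory).
SAMPLES = {
    "plain.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="5"/></svg>',
    "script.svg": b'<svg xmlns="http://www.w3.org/2000/svg"><script>/* placeholder */</script></svg>',
    "handler.svg": b'<svg xmlns="http://www.w3.org/2000/svg" onload="void 0"/>',
    "dtd.svg": b'<!DOCTYPE svg [<!ENTITY a "b">]><svg xmlns="http://www.w3.org/2000/svg"/>',
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", svg_findings(blob) or "no active content found")
```

A deny-list check like this is one layer only; serving user uploads with `Content-Disposition: attachment` and a restrictive `Content-Security-Policy` keeps a missed file from running in the grader's session.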
|References

Source: MISC

Link: https://github.com/Submitty/Submitty/issues/5266

Source: nvd.nist.gov

Link: https://nvd.nist.gov/vuln/detail/CVE-2020-12882