https://github.com/eqstlab/cve-2024-25503
Cross-Site Scripting vulnerability in Advanced REST Client v.17.0.9 exploit
- Host: GitHub
- URL: https://github.com/eqstlab/cve-2024-25503
- Owner: EQSTLab
- Created: 2024-09-06T06:17:18.000Z (almost 2 years ago)
- Default Branch: main
- Last Pushed: 2024-09-06T06:17:36.000Z (almost 2 years ago)
- Last Synced: 2025-02-23T17:47:36.710Z (over 1 year ago)
- Language: HTML
- Homepage:
- Size: 1.95 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# CVE-2024-25503
> **Vulnerability type : Cross Site Scripting (XSS)**
> **Product: Advanced REST Client desktop application**
> **Vulnerable Version: 17.0.9**
> **Vendor of the product(s): https://www.advancedrestclient.com/**
## 1. Description
Cross-Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information.
This can be achieved by exploiting a crafted script within the 'edit details' parameter of the New Project function.
## 2. Attack Vectors
This vulnerability arises when an attacker stores an 'XSS' script in the project description (Markdown format) and shares the project with the victim, and the shared project is then opened on the victim's PC using the ARC App.
## 3. Proof-of-Concept (PoC)
#### Step 1) Click on the '+ADD A PROJECT' button on the third tab after running the Advanced REST Client.

#### Step 2) Click the 'Open details' tab to view the created project.

#### Step 3) Click on the 'Edit details' tab in the created New Project.

#### Step 4) Attacker writes an 'XSS script' and clicks the 'SAVE' button.
```html

```

#### Step 5) When opening a project, an 'XSS script' may generate an alert (information leakage)

#### or load an attacker's page (phishing).

#### Step 6) Projects created by attackers can be exported through the 'Export project' function.

#### Step 7) Attacker names the project and clicks the 'EXPORT' button to export the project where the 'XSS script' is stored.

#### Step 8) This app also has the ability to import a project.

#### Step 9) Victim selects 'import all versions of ARC data' from the top tab to open the project received from the attacker.

#### Step 10) Victim clicks the 'SELECT FILE' button and opens the malicious project file containing the 'XSS script'.

#### Step 11) After the file selection is completed, click the 'IMPORT DATA' button to import successfully.

#### Step 12) Imported file runs and attacker's 'Stored XSS script' runs on victim's 'Advanced REST Client (ARC) App'.

## 4. Additional Information
* If the victim executes a project that includes malicious payloads shared by the attacker, it is dangerous because the victim cannot immediately notice the payload.
* For example, this vulnerability can be used to steal sensitive information or perform malicious behavior by reading a user's browser URL.
* It can also be used for phishing attacks by redirecting users to other sites. An XSS vulnerability exploited in a phishing attack can lead to external exposure of sensitive information.
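
Because the victim cannot see the payload before opening a shared project, one defensive step is to inspect the exported file before it is imported. The following is an added example, not code from this repository or from ARC: it assumes the export is JSON (the real schema is not shown here, so the field names in the sample are hypothetical) and reports every string value that carries active HTML.

```javascript
// Added example (not ARC code). Assumption: the export is JSON; its real schema
// is not shown on the page, so every string value is checked and reported by path.
const RULES = [
  { rule: 'script element', re: /<\s*script\b/i },
  { rule: 'embedding element', re: /<\s*(?:iframe|object|embed|svg|base|meta|form)\b/i },
  { rule: 'inline event handler', re: /<[^>]*\son[a-z]+\s*=/i },
  { rule: 'script-capable URL', re: /(?:javascript|vbscript)\s*:|data\s*:\s*text\/html/i },
];

// Walk the parsed document and record every string that matches a rule.
function scanValue(value, path, findings) {
  if (typeof value === 'string') {
    for (const { rule, re } of RULES) {
      if (re.test(value)) findings.push({ path, rule });
    }
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => scanValue(item, `${path}[${i}]`, findings));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, item] of Object.entries(value)) {
      scanValue(item, `${path}.${key}`, findings);
    }
  }
  return findings;
}

// Returns { ok, findings }. Unparseable input is treated as "do not import".
function scanExport(jsonText) {
  let doc;
  try {
    doc = JSON.parse(jsonText);
  } catch (err) {
    return { ok: false, findings: [{ path: '$', rule: 'not valid JSON' }] };
  }
  const findings = scanValue(doc, '$', []);
  return { ok: findings.length === 0, findings };
}

// Constructed sample; field names are hypothetical and the markup is inert.
const SAMPLE_EXPORT = JSON.stringify({
  projects: [
    { name: 'Billing API', description: '# Notes\nPlain **Markdown** only.' },
    { name: 'Shared demo', description: 'Intro\n<script>/* placeholder */</script>' },
    { name: 'Links', description: '[docs](javascript:void(0))' },
  ],
});

console.log(scanExport(SAMPLE_EXPORT));
```

A finding is a reason to read the flagged field before importing, not proof of malice, since saved request bodies can legitimately contain HTML. Pattern matching is triage only; the durable fix is for the application to sanitize rendered Markdown.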
## 5. Discoverer
* E-mail: irene0seo97@gmail.com
* Github: https://github.com/YOUNGSEO-PARK