.. / CVE-2020-8115

Exploit for Revive Adserver <=5.0.3 - Cross-Site Scripting (CVE-2020-8115)

Description:

Revive Adserver 5.0.3 and prior contains a reflected cross-site scripting vulnerability in the publicly accessible afr.php delivery script. In older versions, it is possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script is printed back without proper escaping, allowing an attacker to execute arbitrary JavaScript code on the browser of the victim.

Nuclei Template

View the template here CVE-2020-8115.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-8115.yaml

References:

https://github.com/Elsfa7-110/kenzer-templates
https://hackerone.com/reports/775693
https://nvd.nist.gov/vuln/detail/CVE-2020-8115
https://github.com/merlinepedra/nuclei-templates
https://www.revive-adserver.com/security/revive-sa-2020-001/

.. / CVE-2020-8115 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Revive Adserver <=5.0.3 - Cross-Site Scripting (CVE-2020-8115)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-8115