Exploit for SOPlanning 1.52.00 Cross Site Scripting (CVE-2024-33724)

Description:

SOPlanning v1.52.00 is vulnerable to XSS via the ‘groupe_id’ parameters. A remote unauthenticated attacker can hijack the admin account or other users. The remote attacker can hijack a user's session or credentials and perform a takeover of the entire platform.

Nuclei Template

View the template here: CVE-2024-33724.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-33724.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2024-33724
https://packetstormsecurity.com/files/178434/SOPlanning-1.52.00-Cross-Site-Scripting.html
https://github.com/fuzzlove/soplanning-1.52-exploits