NorthStar C2 Cross Site Scripting / Code Execution

Posted on 22 May 2024

NorthStar C2, prior to commit 7674a44 on March 11 2024, contains a vulnerability where the logs page is vulnerable to a stored cross site scripting issue. An unauthenticated user can simulate an agent registration to cause the cross site scripting attack and take over a users session. With this access, it is then possible to run a new payload on all of the NorthStar C2 compromised hosts (agents), and kill the original agent. Successfully tested against NorthStar C2 commit e7fdce148b6a81516e8aa5e5e037acd082611f73 running on Ubuntu 22.04. The agent was running on Windows 10 19045.

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

User Registration And Management System 3.2 SQL Injection
Bagisto 2.1.2 Client-Side Template Injection
Backdoor.Win32.Plugx MVID-2024-0686 Insecure Permissions
Microweber 2.0.15 Cross Site Scripting
Apache OFBiz Forgot Password Directory Traversal

Last 20