CVE Identification and Details

• Vendor: Labvantage
• Product: Labvantage LIMS
• Affected Endpoint: POST /labvantage/rc?command=file&file=WEB-OPAL/pagetypes/bulletins/sendbulletin.jsp
• Vulnerable Parameters: bulletinurl, bulletinbody
• Vulnerability Type: HTML Injection

Reproduction of the Attack

The following steps were used to identify and confirm the HTML injection vulnerability in the bulletinurl and bulletinbody parameters of the POST request to the affected endpoint. The testing was conducted using Burp Suite.

Crafting the POST Request with HTML Injection Payloads

1. Description: A POST request was crafted by adding the HTML injection payloads to the body parameters bulletinurl and bulletinbody:
   • Payload for bulletinurl: testURL"><h1><font color=blue>PwnTest</h1><textarea></textarea><a href="
   • Payload for bulletinbody: Message 1</textarea><h1>pwn</h1><div STYLE="background-image: url();"><textarea>

Figure 1: The request made by adding the HTML injection payloads to the bulletinurl and bulletinbody parameters.

Exploitation and Impact

HTML injection vulnerabilities can be exploited by attackers to manipulate the structure and content of a web page. This can lead to various malicious activities, such as:

• Phishing: Inserting fake login forms to steal user credentials.
• Defacement: Changing the appearance of the web page.
• Data Manipulation: Altering the displayed content on the affected page.
• Embedding Malicious Content: Injecting links to malicious websites or including harmful scripts.

Recommendations

1. Input Validation and Sanitization: Ensure all user inputs are properly validated and sanitized before including them in the HTML content.