CVE-2024-28741
Published 2024-04-06
CVE-2024-28741: Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
Priority: P269, high, 8.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 78.16% (99.5th percentile)
Detection & IOCs (extracted from sources)
- Detect unauthenticated agent registration requests to NorthStar C2 that contain XSS payloads. These are stored in the logs page and trigger when an authenticated user views logs.
- Monitor NorthStar C2 logs page for stored XSS payloads injected via spoofed agent registration; session hijacking follows successful XSS execution.
- After session hijack, attacker deploys a new payload to ALL compromised NorthStar C2 agents and kills the original agent. Look for unexpected new agent check-ins or mass payload pushes from the C2 server.
- Vulnerability is only present in NorthStar C2 versions prior to commit 7674a44 (March 11, 2024); patched instances are not affected.
- Exploit was validated specifically on Ubuntu 22.04 (server) with a Windows 10 19045 agent; behavior on other OS/version combinations is unconfirmed.
References
- https://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss/
- https://github.com/EnginDemirbilek/NorthStarC2
- https://packetstormsecurity.com/files/177542/NorthStar-C2-Agent-1.0-Cross-Site-Scripting-Remote-Command-Execution.html