- Type: Task
- Status: Done
- Priority: High
- Resolution: Done
- Epic Link:
Invicti Enterprise identified that the target web site is using Moment.js and detected that it is out of date.
Impact
Since this is an old version of the software, it may be vulnerable to attacks.
Moment.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability
Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability
impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a user-provided locale string is directly
used to switch moment locale. This problem is patched in 2.29.2, and the patch can be applied to all affected versions. As a
workaround, sanitize the user-provided locale name before passing it to Moment.js.
Affected Versions
1.0.1 to 2.29.1
External References
CVE-2022-24785
Exploits
Vulnerabilities
2.1. https://sfs.turkiyeshell.com/
Identified Version
2.29.1
Latest Version
2.29.4
Vulnerability Database
Result is based on 06/27/2023 15:00:00 vulnerability database content.
Request
GET / HTTP/1.1
Host: sfs.turkiyeshell.com
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Cache-Control: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.71 Safari/537.36
Response
Response Time (ms) : 1007.3124
Total Bytes Received : 874
Body Length : 0
Is Compressed : No
HTTP/1.1 200 OK
Set-Cookie: .AspNetCore.Antiforgery.IOH2qP4C9lk=CfDJ8I4hPoQOtxJNkFdlxKdQaaj61YWL07fDpF-ClCDhm_pPgj67UZX3w2uryZeXKR60HZMGynGssWi2luhrYfHAfcWHsRTa05TQKE8z2Idgvlgxkc9jNi6X22oqjJCv68RzFXOJ2p3NAe3AlBLw06
LPIE; path=/; secure; samesite=strict; httponly
Set-Cookie:
.AspNetCore.Session=CfDJ8I4hPoQOtxJNkFdlxKdQaahdraxoML2YikJMr5CtJegWDjJBB4cc7DLrVuZbE1SQ47e%2Bp2rv3A
6QidMg6Qpd4ExEJ2QwFKjm8Lus2I%2Ft3WUvje5SqvKtsGb5dMAIoAtHXJsYsqgSX5V2XPdaNKDY9ghWS6payV%2BcBIOSr2dOFV
qP; path=/; secure; samesite=lax; httponly
Referrer-Policy: no-referrer
X-Content-Type-Options: nosniff
Expires: -1
Pragma: no-cache
X-XSS-Protection: 1
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=2592000
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Date: Fri, 30 Jun 2023 22:37:53 GMT
Cache-Control: no-store, no-cache
<!DOCTYPE html>
<html lang="en">
<head>
<base href="">
<meta charset="utf-8" />
<title>Giriş | SFS Portalı</title>
<meta name="description" content="Shell Filo Çözümleri SFS Portalı" />
<meta property="og:title" content="Shell Filo Çözümleri Portalı" />
<meta name="description" content="Filo yönetiminde ihtiyaç duyduğunuz Shell TTS, Partner Card,
Kurumsal HGS ve Pratik Kart ürünlerine buradan ulaşabilir, filonuzu ofisinizden çıkmadan tek
merkezden kolayca yönetebilirsiniz.">
<meta property="og:description" content="Filo yönetiminde ihtiyaç duyduğunuz Shell TTS, Partner
Card, Kurumsal HGS ve Pratik Kart ürünlerine buradan ulaşabilir, filonuzu ofisinizden çıkmadan tek
merkezden kolayca yönetebilirsiniz." />
<meta property="og:site_name" content="Shell Filo Çözümleri Portalı">
<meta name="viewport" content="width=device-width, initial-scale=1.0, shrink-to-fit=no" />
<meta property="og:image" content="~/assets/shell-ographimg.png">
<meta property="og:type" content="website" />
<script>
var tim