Charles River Admin Panel Reflected Cross Site Scripting

About Charles River:

Charles River provides an executable for high profile people which helps them to make decision about investment. It has some automated algorithm which performs the calculation and analysis and help the user to take investment decision.
This executable has an admin panel which is accessible through web browser.

Vulnerability:
The admin website of Charles River is vulnerable to post authentication cross site scripting vulnerability.
The file configPopup.do has parameter "n" which is vulnerable to reflected cross site scripting.

Exploit URL:

domain.com:8081/crts/admin/failover/configPopup.do?n=beanEventPublisher%3cscript%3ealert(1)%3c%2fscript%3e



Solution:
Not yet rolled out

Disclosure Timeline:
August 2018: Informed to Charles River - No reply
December 2018:Reminder mail sent through Contact Us - No reply
January 1 2019: Full disclosure.




Comments

  1. Cyber Zone23 January 2025 at 12:17

    Hello Everone

    Fullz available in bulk quantity
    Fresh spammed & verified info

    SSN DOB DL ADDRESS
    SIN DOB ADDRESS MMN
    NIN DOB ADDRESS SORT CODE

    USA UK CANADA All states info fullz available
    Good Credit Scores & High quality info
    All info will be valid & Genuine spammed not generated

    Contact me here

    What's App = +1... 727... 788.. 6129..
    Tele Gram = @ killhacks - @ leadsupplier
    Email = bigbull0334 at g mail dot com
    Skype = @ peeterhacks

    USA All info available with guarantee
    DL Photos Front Back with SSN
    High Credit Scores Pros
    DL Fullz with issue & exp dates
    UK & Canada DL Front back with selfie
    Passport Photos
    SSN DOB DL Fullz
    SIN DOB ADDRESS MMN Fullz
    NIN DOB DL ADDRESS SORT CODE ACCOUNT NUMBER Fullz
    Young & Old Age Fullz
    CC with CVV
    Dumps with Pin codes

    All stuff will be fresh & valid
    Feel free to contact me

    #fullz #ssnfullz #ssndlfullz #usafullz #ccfullzcvv
    #ukfullz #ukdobaddress #ninukdl #ninDL #uknindobdl #ninsortcode
    #sinfullz #canadafullz #sinnindob #prosCC #ccdumps #sellfullzpros

    ReplyDelete
  2. Jacob9 July 2025 at 16:02

    Hello Guy's

    Fullz available fresh USA UK CANADA
    Updatd-2025 Database with guarantee
    Fresh Stuff never sold before
    Bulk quantity available
    SSN NIN SIN Fullz with all info
    DL Scans Fresh Front & Back with Selfie

    Contact us here for more info & deals:

    Tele Gram - @ killhacks , @ leadsupplier
    What's App - + (1)..727.. 788..6129
    TG Channel - t.me/ leadsproviderworldwide

    *Be aware from scammers using our cloned names
    (Make sure to visit our channel for real usernames & latest updated stuff)

    Fullz|Pros|Leads List:

    SSN DOB DL Address Fullz USA
    NIN DOB DL Address Sort code & Account number Fullz UK
    SIN DOB Address MMN Email Phone Fullz Canada

    DL Scans front back with SSN USA
    DL Scans real Front back with Selfie USA|UK|CA
    Passport Photos with Selfie USA|UK|CA

    Business EIN Company Pros USA
    High Credit Scores Fullz USA|UK|CA
    Dead Fullz in bulk quantity
    CC Fullz with CVV & billing Address
    Dumps with Pin Track 101 & 202 with Cash out Tutorials
    Children Fullz 2011-2023
    Old & young Age Fullz 1935-2009
    Sweep Stakes Fresh & Casino Leads
    Bulk Email (business|Crypto|B2B|Medical|Payday) Leads
    W-2 Forms with DL
    Medical & Hospital Database Leads
    Uber Eats & Doordash KYC Stuff
    Tax Return Filling Fullz
    Fullz for SBA|PUA|UI|FASFA|Loans

    RDP|SMTP|SHELLS
    C-Panels|Web-Mailers
    Bulk SMS & Email Senders
    Scam Pages & Scripting
    Carding, Cash out, Loan Methods

    #SSN #SSNDOBDL #SellSSN #CCShop #CCSELLCVV #ShopSSNDOBDLADDRESS #FULLZ #SSNFULLZ
    #REALDLSCAN #YoungAgeFullz #Fullzseller #USAFULLZ #FULLZUSA #SellerSSNDOB #ShopSSNDOB
    #BusinessFullzUSA #USAPros #USALeads #EINFullz #SIN #SINDOBDL #SellSIN #SINMMNFULLZ #MMNPROSSIN #MMNSIN
    #NIN #NINDOBDL #SellNIN #CCShop #CCSELLCVV #ShopNINDOBDLADDRESS #FULLZ #NINFULLZ

    Many more stuff available for you guy's
    Try our stuff & make good money
    Fresh stuff guaranteed
    Payment mode only in crypto
    Contact us fast for fresh Stuff

    ReplyDelete

Post a Comment

Popular posts from this blog

MY OSCP REVIEW

Image
MY OSCP REVIEW About me I am just a guy who has done B.E (Computer Engineering), C.E.H and I am doing vulnerability assessment for different clients in Mumbai. Inspiration to do OSCP Wanted to read technical stuff only then skip this para. Like other guyz I thought that OSCP is one of the most difficult task in the world of IT Security. And yes, it is one the difficult mission you could ever face. Back in Dec 2014 I was really bored with the conventional vulnerability assessment thing, I wanted to do some more exploitation and some black hat stuff. But in our job we were not allowed to do so, as the environment used to be critical most of the time and time for completing the task was less. So I asked few question on some group in facebook regarding How can I learn more exploitation stuff. There was a guy with the name Mr.WhiteW0rm who have given me a brilliant answer and recommended me to do OSCP. That time I thought though I won't be able to do OSCP but at least I...
Read more

De-Ice 1.120a Walkthrough

Image
          Few days back my friend Chetan told to get hands on De Ice and Kioptrix series before taking PWK labs.The very next weekend I started with De-Ice http://hackingdojo.com/downloads/iso/De-ICE_S1.120.iso . As my bridge network was on 192.168.1.x series I thought of doing De-Ice 1.120a just by bridging the VM. One of the awesome URL that I found today was https://blog.g0tmi1k.com/2011/03/vulnerable-by-design/ . Enumeration: I started with nmap as usual to find all the open ports. I usually use version detection and aggressive scan in nmap.
Read more