CVE-2024-36599
📋 TL;DR
A stored cross-site scripting (XSS) vulnerability in Aegon Life v1.0 Life Insurance Management System allows attackers to inject malicious scripts into the name parameter at insertClient.php. This affects any organization using this specific version of the software. The injected scripts execute in victims' browsers when they view the compromised data.
💻 Affected Systems
- Aegon Life v1.0 Life Insurance Management System
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator credentials, hijack user sessions, deface the application, or redirect users to malicious sites, potentially leading to complete system compromise.
Likely Case
Attackers inject malicious scripts that steal session cookies or credentials from users who view the compromised client data pages.
If Mitigated
With proper input validation and output encoding, the malicious payloads would be neutralized before execution.
🎯 Exploit Status
Exploitation requires access to the client insertion functionality, which typically requires authentication. The exploit is simple and well-documented in public repositories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch is available. Implement input validation and output encoding in insertClient.php to sanitize the name parameter.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation to sanitize user input in the name parameter before processing.
Modify insertClient.php to include: htmlspecialchars($_POST['name'], ENT_QUOTES, 'UTF-8')
Content Security Policy (CSP)
Implement CSP headers to restrict script execution sources.
Add to web server config: Content-Security-Policy: default-src 'self'; script-src 'self'
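The two workarounds above, combined into one added example written for this page (not code from the Aegon Life project): a validation routine for the name parameter, output encoding with the htmlspecialchars() flags given above, a prepared statement for the insert, and the CSP header set from PHP. The file layout, the $pdo handle and the clients table are assumptions. The self-check at the bottom runs from the CLI under PHP 8 and shows that the verification payload used later on this page is both rejected by validation and rendered as inert text. Encode once, at output time: stored XSS is neutralised where the value is rendered, and applying htmlspecialchars on both input and output double-encodes stored values.

```php
<?php
// Added example for this advisory, not the Aegon Life project's code.
// Assumptions: this logic sits in insertClient.php, $pdo is the application's
// PDO handle, and client records live in a table `clients` with a column `name`.
declare(strict_types=1);

/**
 * Validate the submitted client name. Returns the trimmed name, or null when the
 * value is absent, empty, too long, or contains characters that have no place in a
 * person's name (markup delimiters, control characters, digits).
 * Validation rejects bad input; it does not replace output encoding.
 */
function validateClientName(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 100) {
        return null;
    }
    // Letters in any script, combining marks, spaces, apostrophes, hyphens, periods.
    if (!preg_match('/^[\p{L}\p{M} .\'\-]+$/u', $name)) {
        return null;
    }
    return $name;
}

/**
 * Encode a stored value for an HTML text node or quoted attribute. This is the
 * defence that neutralises stored XSS: whatever is in the database renders as
 * literal text. ENT_QUOTES covers both quote styles (as in the workaround above);
 * ENT_SUBSTITUTE avoids returning '' on invalid UTF-8 instead of failing open.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Store a validated name with a prepared statement, so the same parameter cannot
 * be used for SQL injection either. $pdo is an assumed PDO handle.
 */
function insertClient(PDO $pdo, string $name): void
{
    $stmt = $pdo->prepare('INSERT INTO clients (name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
}

if (PHP_SAPI === 'cli') {
    // Self-check: the verification payload from this page is rejected, and even if
    // it reached storage it would be displayed as inert text.
    $payload = "<script>alert('XSS')</script>";
    $checks = [
        validateClientName($payload) === null,
        escapeHtml($payload) === '&lt;script&gt;alert(&#039;XSS&#039;)&lt;/script&gt;',
        validateClientName("  Mary O'Brien-Smith ") === "Mary O'Brien-Smith",
    ];
    echo in_array(false, $checks, true) ? "self-check FAILED\n" : "self-check ok\n";
} elseif ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The CSP from the workaround above, emitted per response (equivalent to the
    // web server config line). It belongs on every page that renders client data.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");

    $name = validateClientName($_POST['name'] ?? null);
    if ($name === null) {
        http_response_code(400);
        echo 'Invalid client name.';
        exit;
    }
    // $pdo = new PDO(...);   // assumed to come from the application's configuration
    // insertClient($pdo, $name);

    // Wherever the stored record is later rendered, encode at output time only.
    echo '<td>' . escapeHtml($name) . '</td>';
}
```

The CSP line blocks inline `<script>` blocks and `on*` attribute handlers as well as third-party origins, so any inline JavaScript the application ships has to move into same-origin files before the policy is enforced; rolling it out first as `Content-Security-Policy-Report-Only` shows what would break without blocking it.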
🧯 If You Can't Patch
- Implement a Web Application Firewall (WAF) with XSS protection rules
- Restrict access to the vulnerable application using network segmentation
🔍 How to Verify
Check if Vulnerable:
Test by inserting a payload like <script>alert('XSS')</script> into the name parameter at insertClient.php and check if it executes when viewing client data.
Check Version:
Check the software version in the application interface or configuration files.
Verify Fix Applied:
After implementing fixes, test with the same payload to ensure it's properly sanitized and doesn't execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to insertClient.php with script tags in parameters
- Multiple failed login attempts followed by client creation
Network Indicators:
- HTTP requests containing script tags in POST data to insertClient.php
SIEM Query:
source="web_server_logs" AND uri="/insertClient.php" AND (POST_data CONTAINS "<script>" OR POST_data CONTAINS "javascript:")
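The SIEM query above, expressed as an added stand-alone PHP check over constructed request records (example code written for this page, not part of the original advisory or the project). The field names method, uri and body and the sample records are assumptions. Two points the one-line query does not cover: standard web server access logs do not contain POST bodies, so this data has to come from a WAF, a ModSecurity audit log or application-level request logging; and a literal CONTAINS "<script>" misses URL-encoded or mixed-case payloads, so the check URL-decodes (twice, for double encoding) and lowercases before matching. It needs PHP 8 for str_contains() and str_ends_with().

```php
<?php
// Added example for this advisory, not the project's code. Record fields
// (method, uri, body) and all sample records below are constructed assumptions.
declare(strict_types=1);

/**
 * Normalise a request body the way the application would decode it before a
 * match is attempted: URL-decode (a second pass catches double encoding), then
 * lowercase. Without this, "%3Cscript%3E" and "<SCRIPT>" slip past "<script>".
 */
function normaliseBody(string $body): string
{
    $decoded = urldecode(urldecode($body));
    return mb_strtolower($decoded, 'UTF-8');
}

/**
 * True when a record matches the advisory's indicators: a POST to
 * insertClient.php whose body carries a script tag or a javascript: URL.
 */
function isSuspiciousInsertClientRequest(array $record): bool
{
    if (strtoupper($record['method'] ?? '') !== 'POST') {
        return false;
    }
    // Compare the path only, case-insensitively, ignoring any query string.
    $path = strtolower((string) parse_url($record['uri'] ?? '', PHP_URL_PATH));
    if (!str_ends_with($path, '/insertclient.php')) {
        return false;
    }
    $body = normaliseBody($record['body'] ?? '');
    return str_contains($body, '<script') || str_contains($body, 'javascript:');
}

/** Run the check over a list of records and return the indices that match. */
function findSuspiciousRequests(array $records): array
{
    $hits = [];
    foreach ($records as $i => $record) {
        if (isSuspiciousInsertClientRequest($record)) {
            $hits[] = $i;
        }
    }
    return $hits;
}

// Constructed sample records (not real traffic).
$sampleRecords = [
    ['method' => 'POST', 'uri' => '/insertClient.php', 'body' => 'name=Jane+Doe&age=41'],
    ['method' => 'POST', 'uri' => '/insertClient.php',
     'body' => 'name=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E'],       // URL-encoded
    ['method' => 'POST', 'uri' => '/insertClient.php', 'body' => 'name=%253CSCRIPT%253Esrc'], // double-encoded, mixed case
    ['method' => 'GET',  'uri' => '/insertClient.php?name=<script>', 'body' => ''], // GET: outside the POST indicator
    ['method' => 'POST', 'uri' => '/insertClient.php',
     'body' => 'name=<a href="javascript:alert(1)">x</a>'],                     // javascript: URL
    ['method' => 'POST', 'uri' => '/login.php', 'body' => 'user=<script>'],        // different endpoint
];

if (PHP_SAPI === 'cli') {
    // Expected: indices 1, 2 and 4 of the constructed records.
    print_r(findSuspiciousRequests($sampleRecords));
}
```

The GET record is deliberately not flagged because the page's indicator is scoped to POST data; widening the check to query strings is a one-line change in isSuspiciousInsertClientRequest() if the application also accepts the parameter via GET.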
🔗 References
- https://github.com/kaliankhe/CVE-Aslam-mahi/blob/9ec0572c68bfd3708a7d6e089181024131f4e927/vendors/projectworlds.in/AEGON%20LIFE%20v1.0%20Life%20Insurance%20Management%20System/CVE-2024-36599
- https://www.exploit-db.com/exploits/52042