CVE-2024-52583
📋 TL;DR
The WesHacks website before November 17, 2024 contained malicious JavaScript injection through external links to 'Leostop', a potentially malicious site. This vulnerability allows attackers to execute arbitrary JavaScript code in users' browsers when they visit the compromised schedule.html page. All users accessing the vulnerable WesHacks website before the fix were affected.
💻 Affected Systems
- WesHacks Hackathon Competition Website
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of user sessions, credential theft, malware distribution, and persistent tracking of all website visitors through malicious JavaScript execution.
Likely Case
User tracking, data exfiltration, and potential injection of additional malicious payloads through the compromised JavaScript files.
If Mitigated
No impact if the website has been updated to remove Leostop references or if users have JavaScript disabled.
🎯 Exploit Status
Exploitation is trivial - users simply need to visit the vulnerable page. The malicious JavaScript is automatically loaded.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Commit 93dfb83 or later
Vendor Advisory: https://github.com/DefinetlyNotAI/WesHacks/security/advisories/GHSA-462m-5c66-4pmh
Restart Required: No
Instructions:
1. Update to commit 93dfb83 or later.
2. Verify all references to 'Leostop' have been removed from schedule.html.
3. Clear any cached versions of the website.
🔧 Temporary Workarounds
Block Leostop domains
Prevent connections to the malicious Leostop site using network filtering
Disable JavaScript for WesHacks site
Configure browser to block JavaScript execution on the vulnerable domain
🧯 If You Can't Patch
- Take the website offline until patched
- Implement Content Security Policy (CSP) to restrict script sources
🔍 How to Verify
Check if Vulnerable:
Inspect schedule.html source code for any references to 'Leostop' or suspicious external JavaScript imports
Check Version:
git log --oneline -1
Verify Fix Applied:
Confirm schedule.html contains no references to 'Leostop' and that the deployed commit is 93dfb83 or later
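The inspection step above can be automated. The following is an added example, not code from the WesHacks project: it parses an HTML file such as schedule.html, lists every external script, stylesheet and iframe reference, and flags any that point at a 'leostop' host or at a host outside an allowlist of expected origins, as well as inline scripts that mention 'leostop'. The hosts `weshacks.example` and `leostop.example` and the allowlist contents are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts the site is expected to load from (assumption for this example).
ALLOWED_HOSTS = {"weshacks.example", "cdn.jsdelivr.net"}
SUSPECT_KEYWORDS = ("leostop",)


class ExternalRefParser(HTMLParser):
    """Collects src/href targets of script, link and iframe tags plus inline script bodies."""
    TAGS = {"script": "src", "link": "href", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.refs = []        # (tag, url) for every src/href found
        self.inline = []      # bodies of inline <script> blocks
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        attr = self.TAGS.get(tag)
        if attr:
            for name, value in attrs:
                if name == attr and value:
                    self.refs.append((tag, value))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script and data.strip():
            self.inline.append(data)


def scan_html(html, allowed_hosts=ALLOWED_HOSTS):
    """Return (tag, url_or_snippet, reason) for every suspicious reference in the page."""
    parser = ExternalRefParser()
    parser.feed(html)
    parser.close()
    findings = []
    for tag, url in parser.refs:
        host = urlparse(url).netloc.lower()      # handles https://, //host/... forms
        if not host:
            continue                             # relative URL, served by the site itself
        if any(k in host for k in SUSPECT_KEYWORDS):
            findings.append((tag, url, "leostop domain"))
        elif host not in allowed_hosts:
            findings.append((tag, url, "host not in allowlist"))
    for body in parser.inline:
        if any(k in body.lower() for k in SUSPECT_KEYWORDS):
            findings.append(("inline-script", body.strip()[:60], "leostop reference in inline script"))
    return findings


# Constructed sample page: one allowed CDN script, one injected script, one inline reference.
SAMPLE_HTML = """<!doctype html><html><head>
<script src="https://cdn.jsdelivr.net/npm/some-lib@1/dist/lib.min.js"></script>
<script src="//leostop.example/tracker.js"></script>
<link rel="stylesheet" href="/static/style.css">
<script>var cfg = {endpoint: "https://leostop.example/c"};</script>
<script src="https://cdn.unknown.example/x.js"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for finding in scan_html(SAMPLE_HTML):
        print(finding)
```

Run it against the deployed schedule.html (read the file and pass its contents to `scan_html`); an empty result for a page with only allowlisted hosts indicates the fix is in place.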
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to Leostop domains
- Unusual JavaScript file downloads from external sources
Network Indicators:
- Outbound connections to unknown/Leostop domains on ports 80/443
- Suspicious JavaScript file downloads
SIEM Query:
sourceIP="website_server" AND (destDomain CONTAINS "leostop" OR url CONTAINS "leostop")