NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution

NorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.

agent attacker build can command cross site scripting javascript logs malicious page payload registration remote command execution requests routes scripting send unauthenticated version version 1 web