[*] :: Title: Express Invoice - The Complete Billing Software v7.0 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-23
[*] :: Software: Express Invoice - The Complete Billing Software v7.0
[?] :: Technical Details & Description:
# The «Express Invoice - The Complete Billing Software» web application (current version 7.0) applies no filtering to user-supplied input fields and no output encoding when the stored values are rendered back into pages. An authenticated user can therefore store HTML/JavaScript in the application's records, and the script executes in the browser of any user who later views a page that displays that record (stored, persistent XSS).
[?] :: Demo Website:
# https://codecanyon.net/item/express-invoice-with-stock-account-solutions/15467114
# Backend: http://billing.ultimatekode.com/demo/
# Login: admin, Password: 123456
[!] :: PoC Stored XSS Injection:
# http://billing.ultimatekode.com/demo/
[+] :: PoC [Stored XSS Injection]:
# Log in to the demo website for testing: http://billing.ultimatekode.com/demo/ (login / password is admin / 123456). The application has no security measures or filters against XSS injection, so the payload can be stored through almost every input field in the backend and is executed whenever a page renders the stored value.
# Sample payload: "><script>alert('QUIXSS')</script>
# Note: the leading "> closes an attribute value first, so the same payload works whether the stored value is echoed into an HTML attribute (for example a prefilled edit form) or into the page body as text. To confirm a field is affected rather than merely reflecting the payload once, reload the page that lists or edits the saved record and check that the alert fires from the stored value.
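# The following is an added example, not code from the advisory or from the Express Invoice application (whose views are not shown here). It uses two hypothetical stand-in templates, render_unsafe and render_safe, to show why the sample payload above breaks out of an attribute context when a stored value is interpolated without encoding, what contextual output encoding does to the same value, and a small helper for checking captured response pages while verifying a stored-XSS finding.

```python
"""Added example for the Express Invoice v7.0 stored XSS advisory.

render_unsafe / render_safe are hypothetical stand-ins for the application's
own view code, which the advisory does not reproduce. They exist only to show
the vulnerable pattern beside its fixed form.
"""
import html
from typing import Dict, List

# The advisory's sample payload, verbatim.
PAYLOAD = "\"><script>alert('QUIXSS')</script>"


def render_unsafe(customer_name: str) -> str:
    """Hypothetical vulnerable view: the stored value is dropped into an
    attribute value (prefilled edit form) and into a text node (listing page)
    with no output encoding at all."""
    return (
        f'<input type="text" name="name" value="{customer_name}">'
        f"<h2>{customer_name}</h2>"
    )


def render_safe(customer_name: str) -> str:
    """Same view with contextual output encoding applied at render time.

    quote=True matters for the attribute context: without it the leading
    double quote in the payload would still terminate the value attribute,
    even though < and > were encoded."""
    safe = html.escape(customer_name, quote=True)
    return (
        f'<input type="text" name="name" value="{safe}">'
        f"<h2>{safe}</h2>"
    )


def payload_executes(rendered: str) -> bool:
    """Crude check for a captured response page: a browser only parses a
    <script> element when the angle brackets survive unencoded, so an encoded
    &lt;script&gt; literal is harmless while a raw <script> tag is not."""
    return "<script>" in rendered.lower()


def fields_rendered_unescaped(rendered_pages: Dict[str, str]) -> List[str]:
    """Given {field_name: HTML of the page that displays the stored value},
    captured manually while testing, return the fields whose stored payload
    was rendered without encoding."""
    return [name for name, page in rendered_pages.items() if payload_executes(page)]


if __name__ == "__main__":
    # Constructed demonstration: the same stored value through both views.
    print("vulnerable:", render_unsafe(PAYLOAD))
    print("fixed:     ", render_safe(PAYLOAD))
    print("executes? ", payload_executes(render_unsafe(PAYLOAD)),
          payload_executes(render_safe(PAYLOAD)))
```

# Filtering on input, as the advisory's wording suggests the application lacks, is a weaker fix than encoding on output: the same stored value may be rendered into HTML text, attribute, JavaScript and URL contexts, and only encoding chosen for the context at render time covers all of them. The helper above only detects raw script tags; a field that lands inside an existing attribute or event handler needs a manual check of the surrounding markup.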