clientResponse Responsive PHP Client Management Stored XSS Injection

2019.04.27
ru QUIXSS (RU) ru
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[*] :: Title: clientResponse Responsive PHP Client Management Stored XSS Injection [*] :: Author: QUIXSS [*] :: Date: 2019-04-26 [*] :: Software: clientResponse Responsive PHP Client Management [?] :: Technical Details & Description: # Weak security measures like bad textarea fields data filtering has been discovered in the «clientResponse Responsive PHP Client Management». [?] :: Demo Website: # https://codecanyon.net/item/clientresponse-responsive-php-client-management/3797780 # Backend (admin): http://byluminary.com/envato_demos/clientResponse/admin/login.php # Backend (user): http://byluminary.com/envato_demos/clientResponse/login.php # Login/Password (admin): luminary@clientresponse.com/pass # Login/Password (user): john@clientresponse.com/pass [!] :: Special Note: # Author of this web-application was warned twice about bad security measures. Nothing has changed. [!] :: For developers: # Disabling any data changes on a demo websites doesn't make your applications more secure. It's good for business and sales but you are simply double-crossing your clients. [+] :: PoC [Links]: # http://byluminary.com/envato_demos/clientResponse/admin/index.php?action=viewClient&clientId=1 # http://byluminary.com/envato_demos/clientResponse/admin/index.php # http://byluminary.com/envato_demos/clientResponse/index.php # http://byluminary.com/envato_demos/clientResponse/index.php?page=viewFile&fileId=1 [+] :: PoC [Stored XSS Injection]: # Authorize on the demo website for tests as admin or as a regular user, then go to any page with a text field, f.e. http://byluminary.com/envato_demos/clientResponse/admin/index.php?action=viewDiscussion&discussionId=2 # Click on «Edit Topic» button and inside textarea box type and save this first: </textarea>QUIXSS # After u save this data, press «Edit Topic» button again and then you'll see that XSS filter is successfully bypassed and text QUIXSS will be out of the textarea box. Then again, use the same beginning </textarea> and type any payload u want, save the data and your XSS will be successfully injected. # Sample payload: </textarea><script>alert('QUIXSS')</script>

References:

https://codecanyon.net/item/clientresponse-responsive-php-client-management/3797780


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top