Des-click 1.0.0 - Reflective cross site scripting

2020.02.09
Mizaru (FR)
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Title: Des-Click 1.0.0 - Reflective Cross-Site Scripting
# Date: 2020-02-09
# Author: Mizaru
# Vendor Homepage: https://www.des-click.com/
# Tested on: Windows 10 / Linux
# Versions: 1.0.0
# Vulnerable Parameter: "titlefamille" (GET method)
# CVE: None

# Notes:
# An attacker can use XSS (in the titlefamille parameter of Des-Click 1.0.0)
# to send a malicious script to unsuspecting admins or users. The admin's or
# user's browser has no way to know that the script should not be trusted
# (Same Origin Policy) and will execute it. Because the browser thinks the
# script came from a trusted source, the malicious script can access any
# cookies, session tokens, or other sensitive information retained by the
# browser and used with that site. These scripts can even rewrite the content
# of the HTML page. An attacker can also use this vulnerability for social
# engineering, for example by creating a fake field.

# PoC:
# Go to the page through this path: http://localhost/id_famille=1&id_grp=1&titlefamille=
# Add the "titlefamille" parameter to the URL and write malicious code. Example:
http://localhost/id_famille=1&id_grp=1&titlefamille="><svg/onload=document.location.href="https://github.com/sMizaru">
# This code will redirect you to my GitHub page.
# Some malicious code will be detected by the WAF of the web application (if the server has a WAF).

# Big thanks to Smog (https://twitter.com/Sm0g3uh)
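
The fix for the reflection described above is output encoding of "titlefamille" at render time. The following is an added example, not Des-Click code and not part of the original advisory; the template, the function names and the assumption that the value lands inside a double-quoted HTML attribute are hypothetical.

```javascript
// Added example, not Des-Click source. Assumption: "titlefamille" is echoed
// inside a double-quoted HTML attribute (the PoC's leading "> suggests this).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the parameter the way a server would, after URL decoding.
function getTitle(query) {
  return new URLSearchParams(query).get('titlefamille') ?? '';
}

// Vulnerable pattern: the raw value is concatenated into the markup.
function renderUnsafe(query) {
  return '<input name="titlefamille" value="' + getTitle(query) + '">';
}

// Hardened pattern: same template, value encoded at output time.
function renderSafe(query) {
  return '<input name="titlefamille" value="' + escapeHtml(getTitle(query)) + '">';
}

// Rough count of element start tags in the generated markup.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Log-review heuristic: decoded value contains tag or quote-breaking characters.
function looksSuspicious(query) {
  return /[<>"]/.test(getTitle(query));
}

// Query string from the PoC on this page, and a constructed legitimate one.
const POC_QUERY = 'id_famille=1&id_grp=1&titlefamille="><svg/onload=document.location.href="https://github.com/sMizaru">';
const LEGIT_QUERY = 'id_famille=1&id_grp=1&titlefamille=Boissons%20%26%20jus';

console.log(renderUnsafe(POC_QUERY)); // two elements: the value escaped its attribute
console.log(renderSafe(POC_QUERY));   // one element: the value stays attribute text
console.log(renderSafe(LEGIT_QUERY)); // legitimate titles still render correctly
```

The looksSuspicious check is only a triage aid for access logs; the encoding in renderSafe is what removes the vulnerability.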

