SOPlanning 1.52.00 Cross Site Scripting

2024.05.04
Credit: liquidsky
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Exploit Title: SOPlanning v1.52.00 'groupe_save.php' XSS (Reflected XSS) Application: SOPlanning Version: 1.52.00 Date: 4/22/24 Exploit Author: Joseph McPeters (Liquidsky) Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/ Tested on: Linux CVE: Not yet assigned Description: SOPlanning v1.52.00 is vulnerable to XSS via the 'groupe_id' parameters a remote unautheticated attacker can hijack the admin account or other users. The remote attacker can hijack a users session or credentials and perform a takeover of the entire platform. Example Payload: "><script>alert('LiQUiDSKY')</script><!-- Reflected XSS: /soplanning/www/process/groupe_save.php?saved=1&groupe_id="><script>alert('LiQUiDSKY')</script><!--&nom=Project+New Analysis: The landing page takes into consideration the user input then redirects to a page where the XSS is shown the payload included in the exploit, escapes the variable where it is held, and comments out the rest to perform a valid reflected XSS attack against any authenticated user the payload was sent to.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top