Home / os / win10

Eramba Enterprise & Community Editions Stored XSS

Posted on 30 November -0001

<HTML><HEAD><TITLE>eramba Enterprise & Community Editions Stored XSS</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title:  eramba Enterprise & Community Editions Stored XSS
# Author: 		Yunus YILDIRIM (Th3GundY)
# Team: 	  	CT-Zer0 (@CRYPTTECH) - https://www.crypttech.com
# Website: 	 www.yunus.ninja
# Contact: 	 yunusyildirim@protonmail.com

 
1. ADVISORY INFORMATION
=======================
Product:        eramba Open-Source IT GRC 
Description:  eramba is a web-application that helps with the analysis, management and reporting of Security, 
			Governance, Risk and Compliance challenges.
			Founded in 2011 and followed by a community of tens of thousands, we are building the leading
			open-source GRC application on Internet.
Vendor URL:    http://www.eramba.org
Download Link: http://www.eramba.org/resources/download/
 

2. VULNERABILITY SUMMARY
========================

Stored XSS in Notification Page.
eramba is vulnerable to a stored XSS when an user created Notifications with an
malicious payload on the "Notification Name" field.
The html/javascript payload is executed when another user tries to use the
see Notifications.



3. TECHNICAL DETAILS
========================
 
Stored XSS in Notification Page.
eramba is vulnerable to a stored XSS when an user created Notifications with an
malicious payload on the "Notification Name" field.
The html/javascript payload is executed when another user tries to use the
see Notifications.


4. PROOF OF CONCEPT
========================

PoC for Enterprise or Community Edition:
1- Go, System - Settings - Notifications menu or 
	Just go http://<eramba-IP>/notificationSystem/attach/Project
2- Click Manage button
3- Add Warning or Add Awareness or Add Default. You can select anyone of them.
4- In "Notification Name" field, here is the payload "><svg/onload=prompt(/CT-Zer0/)> 
5- Save it, you see pop-up
/notificationSystem/index/Project

PoC Video: https://www.youtube.com/watch?v=03xNMcpXqTs
 

5. AFFECTED VERSIONS
====================
Community Edition <= c1.0.6.001
Enterprise Edition <= e1.0.6.018


Vulnerability Disclosure Timeline:
=========================
29/11/2016   -   Contact With Vendor
30/11/2016   -   Vendor Response
16/12/2016   -   Public Dislosure</BODY></HTML>

 

TOP

Malware :

Exploits :