OpenDocMan version 1.2.7.2 suffers from a stored cross site scripting vulnerability.
# Exploit Title: Stored Cross Site Scripting Vulnerability leading to user session hijacking
# Date: 2 July 2014
# Exploit Author: Madhu Akula
# Vendor Homepage: http://www.opendocman.com/
# Version: 1.2.7.2
# Severity: High
Description:
About Vulnerability:
Stored attacks are those where the injected script is permanently stored
on the target servers, such as in a database, in a message forum,
visitor log, comment field, etc. The victim then retrieves the malicious
script from the server when it requests the stored information.
Impact:
Attackers can execute scripts in a victim's browser to hijack user
sessions, deface web sites, insert hostile content, redirect users,
hijack the user's browser using malware, etc.
For more reference:
https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)
Steps to Reproduce (PoC):
Log in as any user and add a document.
When adding the document, give it the name
"><img src=x onerror=prompt(document.domain)>.png
then upload it.
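As an added defender-side example, not code from OpenDocMan or from the advisory author: a Python sketch of the two controls that close this class of bug, an upload-time allow-list for document names and URL/HTML encoding of the stored name when a listing is rendered, exercised against the proof-of-concept name above. The function names, the allowed extension list and the listing markup are assumptions for illustration, not OpenDocMan's own code.

```python
import html
import re
from urllib.parse import quote

# Constructed sample input: the document name from the advisory's PoC and a benign one.
POC_NAME = '"><img src=x onerror=prompt(document.domain)>.png'
BENIGN_NAME = "quarterly-report 2014.png"

# Allow-list for names accepted at upload time (assumed policy for this example):
# letters, digits, space, dot, dash, underscore, and a known extension.
_NAME_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,128}$")
_ALLOWED_EXT = {"png", "pdf", "doc", "docx", "txt"}


def validate_document_name(name: str):
    """Return the name unchanged if it passes the allow-list, otherwise None."""
    if not _NAME_RE.fullmatch(name):
        return None
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return name if ext in _ALLOWED_EXT else None


def render_listing_unsafe(name: str) -> str:
    """Vulnerable pattern: the stored name is concatenated straight into HTML.

    A name containing '">' closes the href attribute and the injected tag
    becomes live markup, which is the behaviour the advisory describes.
    """
    return f'<a href="view.php?name={name}">{name}</a>'


def render_listing_safe(name: str) -> str:
    """Hardened pattern: encode for the context the value lands in.

    The query value is URL-encoded, then HTML-encoded as an attribute value;
    the link text is HTML-encoded. Angle brackets and quotes never reach the
    parser as markup, so the stored payload renders as inert text.
    """
    href_value = html.escape(quote(name, safe=""), quote=True)
    text = html.escape(name, quote=True)
    return f'<a href="view.php?name={href_value}">{text}</a>'


def count_tag_openers(markup: str) -> int:
    """Detection helper: number of tag openers ('<' followed by a letter).

    The listing legitimately emits exactly one (<a ...>); anything more means
    stored data was rendered as markup.
    """
    return len(re.findall(r"<[a-zA-Z]", markup))
```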
Mitigation:
Not yet fixed; a fix will be released in the next SVN version (1.2.7.3).
# References:
https://github.com/opendocman/opendocman/issues/163
Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula