MyITCRM Cross Site Scripting

2014-09-14T00:00:00
ID PACKETSTORM:128251
Type packetstorm
Reporter Provensec
Modified 2014-09-14T00:00:00

Description

                                        
#Description: Free and Open source CRM Software for your Repairs and
Servicing Business!
#vendor: http://demo.myitcrm.com/
#author: provensec
#type: stored xss
#exploit:
1 Go to
http://demo.myitcrm.com/index.php?page=supplier:new&page_title=New%20Supplifr%20Page

2 Click on html (refer to screenshot ==> http://prntscr.com/4lfcnp)

3 After that a new popup window will open; fill the field with the xss
payload "><img src=d onerror=confirm(/provensec/);>

4 Save it and the javascript will execute => http://prntscr.com/4lfd1y
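The fix for this class of bug is to encode the stored value when it is written back into the page. The following is an added example, not MyITCRM source code: it assumes the saved supplier field is echoed into an HTML attribute, and the function names and the `supplier_description` field name are hypothetical. It renders the payload from step 3 with and without output encoding and lists any elements that end up carrying an event-handler attribute.

```php
<?php
// Added illustration; not MyITCRM source. Function names and the
// "supplier_description" field name are hypothetical.

// Payload string quoted from step 3 of the advisory.
$stored = '"><img src=d onerror=confirm(/provensec/);>';

// Unsafe pattern: the stored value is concatenated into an attribute as-is,
// so a double quote in the data ends the attribute and "<" starts new markup.
function render_unsafe(string $value): string
{
    return '<input type="text" name="supplier_description" value="' . $value . '">';
}

// Hardened pattern: encode for HTML at output time, both quote styles included.
function render_safe(string $value): string
{
    $encoded = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="supplier_description" value="' . $encoded . '">';
}

// Parse the markup into a DOM and return every element that carries an
// on* event-handler attribute, formatted as "tag[attribute]".
function elements_with_handlers(string $html): array
{
    libxml_use_internal_errors(true); // tolerate non-well-formed HTML quietly
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();

    $found = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        foreach ($el->attributes as $attr) {
            if (stripos($attr->name, 'on') === 0) {
                $found[] = $el->tagName . '[' . $attr->name . ']';
            }
        }
    }
    return $found;
}

foreach (['unsafe' => render_unsafe($stored), 'safe' => render_safe($stored)] as $label => $html) {
    echo $label, ' markup:   ', $html, PHP_EOL;
    echo $label, ' handlers: ', implode(', ', elements_with_handlers($html)) ?: '(none)', PHP_EOL;
}
```

Encoding belongs at every place the stored value is output, since a value saved before the fix stays in the database unchanged.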