Dolibarr 3.5 / 3.6 HTML Injection

2015-05-30T00:00:00
ID PACKETSTORM:132108
Type packetstorm
Reporter NaxoneZ
Modified 2015-05-30T00:00:00

Description

                                        
`# Title: HTML Injection in Dolibarr  
# Author: Sergio Galán - @NaxoneZ  
# Date: May 20, 2015  
# Vendor Homepage: http://www.dolibarr.es/  
# Vulnerable version: 3.5 / 3.6  
# CVE: CVE-2015-3935  
  
Dolibarr does not properly escape untrusted data to prevent injection.  
  
[*] Page affected  
  
- dolibarr-3.7.0/htdocs/societe/societe.php  
- dolibarr-3.7.0/htdocs/societe/admin/societe.php  
  
[*] Fields affected  
  
- Business Search (search_nom) (many other fields may be affected)  
  
[*] PoC  
You only need to inject the script code into this field, for example:  
  
"> < img src='http://www.xxx.com >  
  
  
More Info  
=======  
https://github.com/Dolibarr/dolibarr/issues/2857  
  
Fixed  
=======  
https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907  
  
  
`
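
The escaping failure the advisory describes, shown as an unescaped output pattern beside a hardened one, with a parser-based regression check. This is an added example, not Dolibarr's code or the linked fix; `render_search_unsafe`, `render_search_safe` and `stays_in_attribute` are hypothetical helpers, the sample value is constructed, and PHP 7+ with the DOM extension is assumed.

```php
<?php
// Added example, not Dolibarr code. The helpers below are hypothetical and echo
// a search_nom-style request value back into an <input value="..."> attribute.

// Vulnerable pattern: the value is concatenated into the attribute as-is, so a
// double quote followed by ">" closes the attribute and the tag.
function render_search_unsafe(string $searchNom): string
{
    return '<input type="text" name="search_nom" value="' . $searchNom . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// Flags are explicit because PHP versions before 8.1 default to ENT_COMPAT,
// which leaves single quotes unencoded.
function render_search_safe(string $searchNom): string
{
    $encoded = htmlspecialchars($searchNom, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search_nom" value="' . $encoded . '">';
}

// Regression check: parse the rendered fragment and confirm it still contains
// exactly one element whose value attribute round-trips to the raw input.
function stays_in_attribute(string $html, string $raw): bool
{
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true); // malformed markup is expected here
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $body = $doc->getElementsByTagName('body')->item(0);
    $elements = (new DOMXPath($doc))->query('.//*', $body);
    if ($elements->length !== 1) {
        return false; // additional elements were created from the input
    }
    return $elements->item(0)->getAttribute('value') === $raw
        && trim($body->textContent) === ''; // no text leaked outside the tag
}

// Constructed sample: a quote and ">" followed by inert markup.
$sample = '"><b>injected</b>';

var_dump(stays_in_attribute(render_search_unsafe($sample), $sample));
var_dump(stays_in_attribute(render_search_safe($sample), $sample));
```

The same check can be pointed at any template helper that reflects request parameters, since the advisory notes that fields other than `search_nom` may be affected.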