ID PACKETSTORM:147364 Type packetstorm Reporter 8bitsec Modified 2018-04-26T00:00:00
Description
`# Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection
# Date: 2018-04-23
# Exploit Author: 8bitsec
# CVE: CVE-2018-10257
# Vendor Homepage: https://codecanyon.net/
# Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619
# Version: 1.0.2
# Tested on: [Kali Linux 2.0 | Mac OS 10.13]
Release Date:
=============
2018-04-23
Product & Service Introduction:
===============================
HRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers.
Technical Details & Description:
================================
A low-privileged user can store a spreadsheet formula in a profile field; the value is written into the exported CSV file without being neutralized, and the formula is evaluated when the export is opened in a spreadsheet application.
Proof of Concept (PoC):
=======================
1. Log in with employee user credentials
2. Browse to My Profile and enter =cmd|'/C calc'!A1 in the First Name field
3. Log in with admin's credentials
4. Browse to Core HR > Employees Last Login
5. Click on the CSV button to download and open the exported CSV file
`
{"edition": 1, "title": "HRSALE The Ultimate HRM 1.0.2 CSV Injection", "bulletinFamily": "exploit", "published": "2018-04-26T00:00:00", "lastseen": "2018-04-27T01:05:58", "history": [], "modified": "2018-04-26T00:00:00", "reporter": "8bitsec", "hash": "2caa05fbb93e10de87ca155ff2e18e866b2528003995a6f565eac76d03e9b3b9", "viewCount": 0, "sourceHref": "https://packetstormsecurity.com/files/download/147364/hrsalehrm102-inject.txt", "href": "https://packetstormsecurity.com/files/147364/HRSALE-The-Ultimate-HRM-1.0.2-CSV-Injection.html", "description": "", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "81deb10251f1b13036d6ea2fe93fd4b2"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "8999ccc82333991453af23700547ea22"}, {"key": "modified", "hash": "7593651b965d734a50213dfb4152582c"}, {"key": "published", "hash": "7593651b965d734a50213dfb4152582c"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "0c09e6b61a2cd723f605ad48b648ad55"}, {"key": "sourceData", "hash": "3f888e9c4ded49e38ffa8b519e2c262c"}, {"key": "sourceHref", "hash": "621ba63abc4383c474267bef5ce865ba"}, {"key": "title", "hash": "781077aa94553c5b8add9f7f6cba34dd"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "references": [], "objectVersion": "1.3", "enchantments": {"score": {"value": 5.5, "vector": "NONE", "modified": "2018-04-27T01:05:58"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-10257"]}, {"type": "exploitdb", "idList": ["EDB-ID:44536"]}, {"type": "zdt", "idList": ["1337DAY-ID-30254"]}], "modified": "2018-04-27T01:05:58"}, "vulnersScore": 5.5}, "sourceData": "`# Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection \n# Date: 2018-04-23 \n# Exploit Author: 8bitsec \n# CVE: CVE-2018-10257 \n# Vendor Homepage: 
https://codecanyon.net/ \n# Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 \n# Version: 1.0.2 \n# Tested on: [Kali Linux 2.0 | Mac OS 10.13] \n \nRelease Date: \n============= \n2018-04-23 \n \nProduct & Service Introduction: \n=============================== \nHRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers. \n \nTechnical Details & Description: \n================================ \n \nA user is able to inject a command that will be included in the exported CSV file. \n \nProof of Concept (PoC): \n======================= \n \n1. Login with employee user credentials \n2. Browse to My Profile and add =cmd|'/C calc'!A1 into the First Name field \n3. Log in with admin's credentials \n4. Browse to Core HR > Employees Last Login \n5. Click on the CSV button to download and open the exported CSV file \n \n \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": ["CVE-2018-10257"], "id": "PACKETSTORM:147364"}
{"cve": [{"lastseen": "2019-05-29T18:19:41", "bulletinFamily": "NVD", "description": "A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.", "modified": "2018-06-13T17:23:00", "id": "CVE-2018-10257", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10257", "published": "2018-05-01T19:29:00", "title": "CVE-2018-10257", "type": "cve", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "zdt": [{"lastseen": "2018-04-26T03:28:34", "bulletinFamily": "exploit", "description": "Exploit for php platform in category web applications", "modified": "2018-04-26T00:00:00", "published": "2018-04-26T00:00:00", "href": "https://0day.today/exploit/description/30254", "id": "1337DAY-ID-30254", "title": "HRSALE The Ultimate HRM v1.0.2 - CSV Injection Vulnerability", "type": "zdt", "sourceData": "# Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection\r\n# Exploit Author: 8bitsec\r\n# CVE: CVE-2018-10257\r\n# Vendor Homepage: https://codecanyon.net/\r\n# Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619\r\n# Version: 1.0.2\r\n# Tested on: [Kali Linux 2.0 | Mac OS 10.13]\r\n \r\nRelease Date:\r\n=============\r\n2018-04-23\r\n \r\nProduct & Service Introduction:\r\n===============================\r\nHRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers.\r\n \r\nTechnical Details & Description:\r\n================================\r\n \r\nA user is able to inject a command that will be included in the exported CSV file.\r\n \r\nProof of Concept (PoC):\r\n=======================\r\n \r\n1. Login with employee user credentials\r\n2. Browse to My Profile and add =cmd|'/C calc'!A1 into the First Name field\r\n3. Log in with admin's credentials\r\n4. 
Browse to Core HR > Employees Last Login\r\n5. Click on the CSV button to download and open the exported CSV file\n\n# 0day.today [2018-04-26] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/30254"}], "exploitdb": [{"lastseen": "2018-05-24T14:18:00", "bulletinFamily": "exploit", "description": "HRSALE The Ultimate HRM 1.0.2 - CSV Injection. CVE-2018-10257. Webapps exploit for PHP platform", "modified": "2018-04-25T00:00:00", "published": "2018-04-25T00:00:00", "id": "EDB-ID:44536", "href": "https://www.exploit-db.com/exploits/44536/", "type": "exploitdb", "title": "HRSALE The Ultimate HRM 1.0.2 - CSV Injection", "sourceData": "# Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection\r\n# Date: 2018-04-23\r\n# Exploit Author: 8bitsec\r\n# CVE: CVE-2018-10257\r\n# Vendor Homepage: https://codecanyon.net/\r\n# Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619\r\n# Version: 1.0.2\r\n# Tested on: [Kali Linux 2.0 | Mac OS 10.13]\r\n\r\nRelease Date:\r\n=============\r\n2018-04-23\r\n\r\nProduct & Service Introduction:\r\n===============================\r\nHRSALE provides you with a powerful and cost-effective HR platform to ensure you get the best from your employees and managers.\r\n\r\nTechnical Details & Description:\r\n================================\r\n\r\nA user is able to inject a command that will be included in the exported CSV file.\r\n\r\nProof of Concept (PoC):\r\n=======================\r\n\r\n1. Login with employee user credentials\r\n2. Browse to My Profile and add =cmd|'/C calc'!A1 into the First Name field\r\n3. Log in with admin's credentials\r\n4. Browse to Core HR > Employees Last Login\r\n5. Click on the CSV button to download and open the exported CSV file", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44536/"}]}