clientResponse Responsive PHP Client Management Stored XSS Injection

CVE: N/A
Category: CWE-79
Price: Unknown
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2019-04-27
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019040246

Below is a copy:

[*] :: Title: clientResponse Responsive PHP Client Management Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-26
[*] :: Software: clientResponse Responsive PHP Client Management
  
[?] :: Technical Details & Description:
# Weak security measures, such as poor filtering of textarea field data, have been discovered in clientResponse Responsive PHP Client Management.

[?] :: Demo Website:
# https://codecanyon.net/item/clientresponse-responsive-php-client-management/3797780
# Backend (admin): http://byluminary.com/envato_demos/clientResponse/admin/login.php
# Backend (user): http://byluminary.com/envato_demos/clientResponse/login.php
# Login/Password (admin): [email protected]/pass
# Login/Password (user): [email protected]/pass

[!] :: Special Note:
# The author of this web application was warned twice about bad security measures. Nothing has changed.

[!] :: For developers:
# Disabling any data changes on demo websites doesn't make your applications more secure. It's good for business and sales, but you are simply double-crossing your clients.

[+] :: PoC [Links]:
# http://byluminary.com/envato_demos/clientResponse/admin/index.php?action=viewClient&clientId=1
# http://byluminary.com/envato_demos/clientResponse/admin/index.php
# http://byluminary.com/envato_demos/clientResponse/index.php
# http://byluminary.com/envato_demos/clientResponse/index.php?page=viewFile&fileId=1

[+] :: PoC [Stored XSS Injection]:
# Log in to the demo website as admin or as a regular user for testing, then go to any page with a text field, e.g. http://byluminary.com/envato_demos/clientResponse/admin/index.php?action=viewDiscussion&discussionId=2
# Click the Edit Topic button, then type the following into the textarea box and save it first: </textarea>QUIXSS
# After you save this data, press the Edit Topic button again; you will see that the XSS filter has been bypassed and the text QUIXSS appears outside the textarea box. Then use the same </textarea> prefix again, type any payload you want and save the data, and your XSS will be injected.
# Sample payload: </textarea><script>alert('QUIXSS')</script>
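
Why the stored value ends up outside the field when the edit form is reopened, and what output encoding changes, as an added example that is not code from the advisory or from clientResponse: the two renderer functions and the `topic` field name are hypothetical, because the application's source is not shown here.

```php
<?php
declare(strict_types=1);

// Hypothetical edit-form renderers (assumption: the real clientResponse code is not on this page).

// Unsafe pattern: the stored text is written into the textarea as raw HTML.
function renderEditFormUnsafe(string $stored): string
{
    return '<textarea name="topic">' . $stored . '</textarea>';
}

// Hardened pattern: encode for the HTML context at output time, so "<" becomes "&lt;".
function renderEditFormSafe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<textarea name="topic">' . $encoded . '</textarea>';
}

// A browser ends textarea content at the first closing tag it meets.
// Returns whatever follows that tag, i.e. the part parsed as page markup.
// Simplification: only the exact form "</textarea>" is matched (case-insensitive).
function markupOutsideTextarea(string $html): string
{
    $close = '</textarea>';
    $pos = stripos($html, $close);
    return $pos === false ? '' : substr($html, $pos + strlen($close));
}

// Constructed input: the marker string from the first step of the advisory.
$stored = '</textarea>QUIXSS';

$forms = [
    'unsafe' => renderEditFormUnsafe($stored),
    'safe'   => renderEditFormSafe($stored),
];

foreach ($forms as $label => $html) {
    printf(
        "%-6s form: %s\n       outside textarea: %s\n",
        $label,
        $html,
        var_export(markupOutsideTextarea($html), true)
    );
}
```

Encoding at output time leaves the stored text unchanged in the database while the browser displays it as field content instead of parsing it as markup.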
