Advertisement
| CVE | Category | Price | Severity |
|---|---|---|---|
| CWE-79 | Unknown | High |
| Author | Risk | Exploitation Type | Date |
|---|---|---|---|
| Unknown | High | Remote | 2019-04-17 |
# Title: X Project Manager CRM PRO v1.4 WebShell Upload & Stored XSS Injections
# Author: QUIXSS
# Date: 2019-04-16
# Software: X Project Manager CRM PRO v1.4
# Technical Details & Description:
# Weak file upload filtering (.PHP5/.PHP7 isn't filtering) and multiple Stored XSS vulnerabilitieshas been discovered in the X Project Manager CRM PRO web-application. Current version of this web-application is 1.4.
# PoC #1 [WebShell Upload]:
# It's possible to upload any PHP file via File Manager, just change file type from .PHP to .PHP5 (for PHP v5.X) or .PHP7 (for PHP v7.X) and upload the file. Or just rename your local .PHP file type to .TXT and upload it like this, then rename file type in the File Manager back to .PHP5 or .PHP7. Uploaded file will be inside this directory (for the demo website) -> https://xpm.coderitems.com/-/
# PoC #2 [Stored XSS Injections]:
# The whole web-application doesn't have any input field filters so you can use any input field for Stored XSS Injection. Most usefull fields is Nome della ditta and Dimensione located (at the demo website) here: https://xpm.coderitems.com/admin/settings. Data from this fields will be loaded on literally each page u visit.
# Sample payload: "><script>alert('QUIXSS')</script>
Copyright ©2024 Exploitalert.