Ekushey Project Manager CRM v3.1 Stored XSS - CXSecurity.com

Vulnerability ID 1571342 Vulnerability type
Published 2019-04-16 Updated 2019-04-16
Platform N/A CVSS score N/A
«Ekushey Project Manager CRM» has no input field filtering, so you can post any payload you want on almost every page that has an input field.
PoC: go to the author's demo website http://creativeitem.com/demo/ekushey/index.php/login, log in as admin, and then go to the «System Settings» page ( http://creativeitem.com/demo/ekushey/index.php/admin/system_settings ). The most useful fields are «System Name», «System Title» and «Address». Test any payload you want, e.g. "><script>alert(1)</script> or "><img src="x" onerror="window.location.replace('https://cxsecurity.com/');">; all of these will work. The whole project is vulnerable to Stored XSS attacks, so you can save your payloads on almost every page that has an input field: «Manage Client», «Manage Project», «Running Team Tasks», etc.
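The «System Name» case above as an added example (not the product's code, which the advisory does not show): a Python model of one settings field rendered with and without output encoding, then parsed back to see which elements and event handlers the advisory's two payloads create. The form markup and the field name system_name are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# The two payloads quoted in the advisory text.
PAYLOADS = [
    '"><script>alert(1)</script>',
    '"><img src="x" onerror="window.location.replace(\'https://cxsecurity.com/\');">',
]
# Assumed markup for the settings field; system_name is a hypothetical name.
FIELD = '<input type="text" name="system_name" value="{}">'

def render_raw(stored):
    # Model of the flaw: the stored value is placed in the attribute as-is.
    return FIELD.format(stored)

def render_encoded(stored):
    # Output encoding at render time; quote=True also encodes " and '.
    return FIELD.format(escape(stored, quote=True))

class Audit(HTMLParser):
    """Records the elements, on* attributes and input value the parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.handlers, self.value = [], [], None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        for name, val in attrs:
            if name.startswith("on"):
                self.handlers.append((tag, name))
            if tag == "input" and name == "value" and self.value is None:
                self.value = val

def audit(markup):
    parser = Audit()
    parser.feed(markup)
    parser.close()
    return {"tags": parser.tags, "handlers": parser.handlers, "value": parser.value}

def injected(markup):
    # The template contains exactly one element and no event handlers.
    result = audit(markup)
    return result["tags"] != ["input"] or bool(result["handlers"])

if __name__ == "__main__":
    for payload in PAYLOADS:
        print("raw:", injected(render_raw(payload)),
              "encoded:", injected(render_encoded(payload)))
```

The same audit can serve as a regression test over every page that echoes a stored field: after encoding, the parsed value equals the stored string and the element list matches the template.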