Reflected XSS on multiple locations and parameters in unilogies/bumsys

Valid

Reported on

Nov 2nd 2022


Description

User input is reflected back into the page without proper sanitization or output encoding at multiple locations and in several parameters, leading to reflected cross-site scripting (XSS).

Proof of Concept

https://demo.bumsys.org/reports/sales-report/?salesDate="><body%20onpageshow=alert(1)>

Payload

"><body%20onpageshow=alert(1)>

Impact

  1. Perform any action within the application that the user can perform.
  2. View any information that the user is able to view.
  3. Modify any information that the user is able to modify.
  4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Occurrences

id parameter is vulnerable.

POST parameter salesId is vulnerable.

val parameter is vulnerable.

id parameter is vulnerable.

pqnt parameter is vulnerable.

POST parameter productCode is vulnerable.

salesDate is vulnerable.

val parameter is vulnerable. Line 1747 is also vulnerable.

POST parameter productCode is vulnerable.

id parameter is vulnerable.

POST paymentChequeNo parameter is vulnerable.

id parameter is vulnerable.

POST parameter advanceCollectionId is vulnerable.

POST parameter paymentChequeNo is vulnerable

val parameter is vulnerable.

val parameter is vulnerable.

dateRange parameter is vulnerable.

id parameter is vulnerable.

paymentType and dateRange parameters are vulnerable.

paymentType and dateRange parameters are vulnerable.

val parameter is vulnerable.

paymentType and dateRange parameters are vulnerable.

POST parameter shopAdvanceCollectionId is vulnerable.

POST salaryTypes parameter is vulnerable.

POST dueBillPaymentChequeNo parameter is vulnerable.

POST paymentChequeNo parameter is vulnerable.

POST parameter receivedPaymentId is vulnerable.

POST salaryType parameter is vulnerable.

id parameter is vulnerable.

POST parameter userLanguage is vulnerable.

cid and dateRange parameters are vulnerable.
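Until the fix is deployed, the GET-based occurrences above can be spotted in web server access logs: the payload survives URL encoding as `%22%3E%3Cbody...`, and any tag opener or `on*=` handler inside one of the listed parameters is a strong signal. The scanner below is an added example, not part of the report or of bumsys; the log lines are constructed in Apache combined format, the `/example-report/` path is a placeholder, and the parameter list is taken from the Occurrences section. POST bodies (salesId, productCode, paymentChequeNo and the other POST parameters) do not appear in access logs, so those need application-level request logging or a WAF in front of the app.

```python
import re
from html import unescape
from urllib.parse import parse_qs, urlsplit

# Parameter names listed under "Occurrences" in the report.
WATCHED_PARAMS = {
    "id", "salesId", "val", "pqnt", "productCode", "salesDate", "paymentChequeNo",
    "advanceCollectionId", "dateRange", "paymentType", "shopAdvanceCollectionId",
    "salaryTypes", "salaryType", "dueBillPaymentChequeNo", "receivedPaymentId",
    "userLanguage", "cid",
}

# Heuristic markers of markup injection in a decoded value: a quote followed by '>'
# (attribute break-out), a tag opener, or an on* event-handler attribute.
INJECTION_RE = re.compile(r'["\']\s*>|<\s*[a-z!/]|\bon[a-z]+\s*=', re.IGNORECASE)

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log (not real bumsys traffic); lines 2 and 4 carry the report's payload.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Nov/2022:10:14:03 +0000] "GET /reports/sales-report/?salesDate=2022-11-02 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [02/Nov/2022:10:15:41 +0000] "GET /reports/sales-report/?salesDate=%22%3E%3Cbody%20onpageshow%3Dalert(1)%3E HTTP/1.1" 200 5160 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Nov/2022:10:16:09 +0000] "GET /example-report/?paymentType=cash&dateRange=2022-10-01+-+2022-11-02 HTTP/1.1" 200 4090 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [02/Nov/2022:10:17:22 +0000] "GET /example-report/?paymentType=cash&dateRange=%22%3E%3Cbody%20onpageshow%3Dalert(1)%3E HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]


def scan_access_log(lines):
    """Return (method, path, parameter, decoded value) for each suspicious watched parameter.

    parse_qs URL-decodes values; unescape() additionally folds entity-encoded
    variants (&lt;) so a second encoding layer does not hide the marker.
    """
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            if name not in WATCHED_PARAMS:
                continue
            for value in values:
                if INJECTION_RE.search(unescape(value)):
                    findings.append((m.group("method"), parts.path, name, value))
    return findings


if __name__ == "__main__":
    for method, path, name, value in scan_access_log(SAMPLE_LOG):
        print(f"{method} {path} param={name!r} value={value!r}")
```

The heuristic is deliberately narrow (it only looks at the listed parameters) to keep false positives low; widen `WATCHED_PARAMS` or drop the name filter to hunt for the same pattern on endpoints the report did not cover.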

We are processing your report and will contact the unilogies/bumsys team within 24 hours. a month ago
krizzsk modified the report
a month ago
krizzsk modified the report
a month ago
We have contacted a member of the unilogies/bumsys team and are waiting to hear back a month ago
unilogies/bumsys maintainer
a month ago

Maintainer


Oops. Thanks again @krizzsk. I will fix the issue as soon as possible. Your work is really great.

Khurshid Alam

Khurshid Alam validated this vulnerability a month ago
krizzsk has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
unilogies/bumsys maintainer
23 days ago

Maintainer


Dear Brother, Sorry for the delay.

All of the issues you have mentioned have been solved. Please check and let me know if it is okay. Thank you

Khurshid Alam

We have sent a fix follow up to the unilogies/bumsys team. We will try again in 7 days. 23 days ago
unilogies/bumsys maintainer marked this as fixed in v1.0.3-beta with commit 9ddce6 22 days ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
krizzsk
21 days ago

Researcher


Hi, I can confirm the fix.

Cheers, @krizzsk

unilogies/bumsys maintainer gave praise 21 days ago
Thank you @krizzsk
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
unilogies/bumsys maintainer published this vulnerability 21 days ago
unilogies/bumsys maintainer
19 days ago

Maintainer


Hello @krizzsk, I hope you are doing well.

I need some help with SQL injection attacks. Could you please help us by finding out if there are any issues regarding SQL injection?

Looking forward to hearing from you soon. Thank you
