Jump to content
  • Hello visitors, welcome to the Hacker World Forum!

    Red Team 1949  (formerly CHT Attack and Defense Team) In this rapidly changing Internet era, we maintain our original intention and create the best community to jointly exchange network technologies. You can obtain hacker attack and defense skills and knowledge in the forum, or you can join our Telegram communication group to discuss and communicate in real time. All kinds of advertisements are prohibited in the forum. Please register as a registered user to check our usage and privacy policy. Thank you for your cooperation.

    TheHackerWorld Official

SugarCRM Enterprise 9.0.0 - Cross-Site Scripting

 Share


HACK1949

Recommended Posts

# Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise
# Google Dork: N/A
# Date: 11.08.2019
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: https://www.sugarcrm.com
# Version: 9.0.0
# Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76
# CVE : 2019-14974

The application fails to sanitize user input on https://sugarcrm-qms.XXX.com/mobile/error-not-supported-platform.html and reflect the input directly in the HTTP response, allowing the hacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser.

Steps to reproduce:

1.Attacker will craft a malicious payload and create a legitimate link with the payload included;
2. Attacker will send the link to the victim;
3. Upon clicking on the link, the malicious payload will be reflected in the response and executed in the victim’s browser.

The behavior can be observed by visiting the following URL:

https://server/mobile/error-not-supported-platform.html?desktop_url=javascript:alert(document.cookie);//itms://

Clicking on FULL VERSION OF WEBSITE will trigger the XSS.

Impact statement:

Although requiring user interaction, reflected XSS impact might range from web defacement to stealing user info and full account takeover, depending on the circumstances.

Recommendation:

Always ensure to validate parameters input and encode the output.
            
Link to post
Link to comment
Share on other sites

 Share

discussion group

discussion group

    You don't have permission to chat.
    • Recently Browsing   0 members

      • No registered users viewing this page.
    ×
    ×
    • Create New...