Now you can request a feature, improvement or collaborate with us.
Author
"Ilca Lucian Florin"
Platform
php
Release date
2019-08-14
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 | # Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise # Google Dork: N/A # Date: 11.08.2019 # Exploit Author: Ilca Lucian Florin # Vendor Homepage: https://www.sugarcrm.com # Version: 9.0.0 # Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76 # CVE : 2019-14974 The application fails to sanitize user input on https://sugarcrm-qms.XXX.com/mobile/error-not-supported-platform.html and reflect the input directly in the HTTP response, allowing the hacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser. Steps to reproduce: 1.Attacker will craft a malicious payload and create a legitimate link with the payload included; 2. Attacker will send the link to the victim; 3. Upon clicking on the link, the malicious payload will be reflected in the response and executed in the victim’s browser. The behavior can be observed by visiting the following URL: https://server/mobile/error-not-supported-platform.html?desktop_url=javascript:alert(document.cookie);//itms:// Clicking on FULL VERSION OF WEBSITE will trigger the XSS. Impact statement: Although requiring user interaction, reflected XSS impact might range from web defacement to stealing user info and full account takeover, depending on the circumstances. Recommendation: Always ensure to validate parameters input and encode the output. |
Release Date | Title | Type | Platform | Author |
---|---|---|---|---|
2020-11-27 | "SAP Lumira 1.31 - Stored Cross-Site Scripting" | local | multiple | "Ilca Lucian Florin" |
2020-11-27 | "Wordpress Theme Wibar 1.1.8 - 'Brand Component' Stored Cross Site Scripting" | webapps | php | "Ilca Lucian Florin" |
2019-08-14 | "SugarCRM Enterprise 9.0.0 - Cross-Site Scripting" | webapps | php | "Ilca Lucian Florin" |
import requests
response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47247/?format=json')
For full documentation follow the link above