"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting"

Author

"Ilca Lucian Florin"

Platform

php

Release date

2019-08-14

                
                     Download file
                
            
# Exploit Title: 0Day UnauthenticatedXSS SugarCRM Enterprise
# Google Dork: N/A
# Date: 11.08.2019
# Exploit Author: Ilca Lucian Florin
# Vendor Homepage: https://www.sugarcrm.com
# Version: 9.0.0
# Tested on: Windows 7 / Internet Explorer 11 / Google Chrome 76
# CVE : 2019-14974

The application fails to sanitize user input on https://sugarcrm-qms.XXX.com/mobile/error-not-supported-platform.html and reflect the input directly in the HTTP response, allowing the hacker to exploit the vulnerable parameter and have malicious content executed in the victim's browser.

Steps to reproduce:

1.Attacker will craft a malicious payload and create a legitimate link with the payload included;
2. Attacker will send the link to the victim;
3. Upon clicking on the link, the malicious payload will be reflected in the response and executed in the victim’s browser.

The behavior can be observed by visiting the following URL:

https://server/mobile/error-not-supported-platform.html?desktop_url=javascript:alert(document.cookie);//itms://

Clicking on FULL VERSION OF WEBSITE will trigger the XSS.

Impact statement:

Although requiring user interaction, reflected XSS impact might range from web defacement to stealing user info and full account takeover, depending on the circumstances.

Recommendation:

Always ensure to validate parameters input and encode the output.

Release Date	Title	Type	Platform	Author
2019-08-20	"WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery"	webapps	php	"Princy Edward"
2019-08-19	"YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection"	webapps	php	"Fabian Mosch"
2019-08-19	"Neo Billing 3.5 - Persistent Cross-Site Scripting"	webapps	php	n1x_
2019-08-19	"Kimai 2 - Persistent Cross-Site Scripting"	webapps	php	osamaalaa
2019-08-16	"Integria IMS 5.0.86 - Arbitrary File Upload"	webapps	php	Greg.Priest
2019-08-16	"Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion"	webapps	php	qw3rTyTy
2019-08-16	"EyesOfNetwork 5.1 - Authenticated Remote Command Execution"	webapps	php	"Nassim Asrir"
2019-08-14	"WordPress Plugin Download Manager 2.5 - Cross-Site Request Forgery"	webapps	php	"Princy Edward"
2019-08-14	"Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'customfields.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-14	"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting"	webapps	php	"Ilca Lucian Florin"
2019-08-12	"Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated OS Command Injection Bind Shell"	webapps	php	xerubus
2019-08-12	"Mitsubishi Electric smartRTU / INEA ME-RTU - Unauthenticated Configuration Download"	webapps	php	xerubus
2019-08-14	"Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)"	remote	php	"Ege Balci"
2019-08-13	"AZORult Botnet - SQL Injection"	remote	php	prsecurity
2019-08-13	"Agent Tesla Botnet - Arbitrary Code Execution"	remote	php	prsecurity
2019-08-12	"Joomla! Component JS Jobs (com_jsjobs) 1.2.5 - 'cities.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-12	"osTicket 1.12 - Persistent Cross-Site Scripting"	webapps	php	"Aishwarya Iyer"
2019-08-12	"osTicket 1.12 - Formula Injection"	webapps	php	"Aishwarya Iyer"
2019-08-12	"osTicket 1.12 - Persistent Cross-Site Scripting via File Upload"	webapps	php	"Aishwarya Iyer"
2019-08-12	"Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticket.php' Arbitrary File Deletion"	webapps	php	qw3rTyTy
2019-08-12	"Joomla! Component JS Support Ticket (com_jssupportticket) 1.1.6 - 'ticketreply.php' SQL Injection"	webapps	php	qw3rTyTy
2019-08-12	"UNA 10.0.0 RC1 - 'polyglot.php' Persistent Cross-Site Scripting"	webapps	php	Greg.Priest
2019-08-12	"BSI Advance Hotel Booking System 2.0 - 'booking_details.php Persistent Cross-Site Scripting"	webapps	php	"Angelo Ruwantha"
2019-08-08	"Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - SQL Injection"	webapps	php	qw3rTyTy
2019-08-08	"Adive Framework 2.0.7 - Cross-Site Request Forgery"	webapps	php	"Pablo Santiago"
2019-08-08	"Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 - Arbitrary File Download"	webapps	php	qw3rTyTy
2019-08-08	"Daily Expense Manager 1.0 - Cross-Site Request Forgery (Delete Income)"	webapps	php	"Mr Winst0n"
2019-08-08	"Open-School 3.0 / Community Edition 2.3 - Cross-Site Scripting"	webapps	php	Greg.Priest
2019-08-08	"Baldr Botnet Panel - Arbitrary Code Execution (Metasploit)"	remote	php	"Ege Balci"
2019-08-07	"WordPress Plugin JoomSport 3.3 - SQL Injection"	webapps	php	"Pablo Santiago"

Release Date	Title	Type	Platform	Author
2019-08-14	"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting"	webapps	php	"Ilca Lucian Florin"

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/47247/?format=json')

                        {"url": "https://www.nmmapper.com/api/exploitdetails/47247/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/47247/41620/sugarcrm-enterprise-900-cross-site-scripting/download/", "exploit_id": "47247", "exploit_description": "\"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting\"", "exploit_date": "2019-08-14", "exploit_author": "\"Ilca Lucian Florin\"", "exploit_type": "webapps", "exploit_platform": "php", "exploit_port": null}

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Search for hundreds of thousands of exploits

"SugarCRM Enterprise 9.0.0 - Cross-Site Scripting"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse