CVE-2022-44213: ZKT Eco ADMS - Stored XSS
ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS).
Hi All,
I was able to identify a stored XSS in an online attendance system, ZKT Eco ADMS (v3.1-164). ADMS (Automatic Data Master Server) is a powerful web-based time and attendance management application that is used to configure attendance devices and manage their users.
CVE ID assigned: CVE-2022-44213 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44213)
Technical details
- Log in to ZKT Eco ADMS (default credentials admin/admin)
- Click System, then click Employee
- Click the Append button to add a new employee
- In the Emp Name field, add your XSS payload. For testing I used a non-malicious proof-of-concept string: "/><img src=a onerror=alert('stored-XSS');>
- Click the Submit button. You are redirected to the employee list, where the stored payload executes.
Screenshot: XSS payload embedded in the EMP NAME field.
Screenshot: the payload executed successfully.
The XSS has been fixed in versions later than 3.1-164.
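As an added, defender-side example (this is not code from the original post or from ZKTeco), the Python below shows why an unencoded Emp Name executes in the employee list and how context-aware output encoding neutralises it. The row template, the tag names and the EMPLOYEES sample data are constructed for the example; the real ADMS markup is not known from this post. The audit helper parses the rendered output with the standard-library HTML parser, the same way a browser tokenises it, and reports any element or on* event-handler attribute the template did not emit, which makes a reusable regression check for stored-XSS fixes.

```python
import html
from html.parser import HTMLParser

# Constructed sample data: the proof-of-concept string from the write-up, stored as an
# employee name exactly as it would be submitted through the Append form.
POC_NAME = '"/><img src=a onerror=alert(\'stored-XSS\');>'
EMPLOYEES = [(1, "Alice Example"), (2, POC_NAME)]

# Hypothetical row template (not ADMS's real markup). The name lands in two HTML
# contexts, an attribute value and a text node, to show that both need encoding.
TEMPLATE_TAGS = frozenset({"table", "tr", "td"})


def render_row_vulnerable(emp_id, name):
    """Interpolates the stored name into markup untouched, so the browser parses any tags in it."""
    return f'<tr><td>{emp_id}</td><td class="emp-name" title="{name}">{name}</td></tr>'


def render_row_escaped(emp_id, name):
    """Encodes the name for HTML output; quote=True also neutralises the attribute-breakout quote."""
    safe = html.escape(name, quote=True)
    return f'<tr><td>{emp_id}</td><td class="emp-name" title="{safe}">{safe}</td></tr>'


def render_employee_list(employees, row_renderer):
    """Builds the employee list page from (id, name) pairs using the given row renderer."""
    rows = "".join(row_renderer(emp_id, name) for emp_id, name in employees)
    return f'<table id="employees">{rows}</table>'


class _MarkupAudit(HTMLParser):
    """Records every element the template did not emit and every on* event-handler attribute."""

    def __init__(self, allowed_tags):
        super().__init__()
        self.allowed_tags = allowed_tags
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.allowed_tags:
            self.findings.append(f"unexpected element <{tag}>")
        for attr_name, _value in attrs:
            if attr_name.lower().startswith("on"):
                self.findings.append(f"event handler {attr_name} on <{tag}>")

    def handle_startendtag(self, tag, attrs):
        # Self-closing syntax (<img ... />) must be audited like any other start tag.
        self.handle_starttag(tag, attrs)


def audit_rendered_html(rendered, allowed_tags=TEMPLATE_TAGS):
    """Parses server output as a browser would; returns a list of findings (empty means clean).

    Intended as a regression test: render a page with known-hostile stored data and
    assert that the returned list is empty.
    """
    parser = _MarkupAudit(allowed_tags)
    parser.feed(rendered)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, renderer in (("vulnerable", render_row_vulnerable), ("escaped", render_row_escaped)):
        page = render_employee_list(EMPLOYEES, renderer)
        print(f"{label}: {audit_rendered_html(page) or 'no injected markup'}")
```

Encoding at output time, in the context where the value is emitted, is the fix that generalises beyond this one field: every stored value rendered into the employee list (and any other page that echoes it) needs the same treatment, and a Content-Security-Policy that disallows inline script limits the impact of any instance that is missed.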