Authored by CraCkEr

ONEST CRM version 1.0 suffers from a persistent cross site scripting vulnerability.

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                  [ Vulnerability ]                                   ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : https://onesttech.com/details/crm                                          │
│  Vendor   : Onest Tech                                                                 │
│  Software : ONEST CRM 1.0 - Customer Relationship Management System Software           │
│  Vuln Type: Stored XSS                                                                 │
│  Impact   : Manipulate the content of the site                                         │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                                                                                       ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Allow Attacker to inject malicious code into website, give ability to steal sensitive │
│  information, manipulate data, and launch additional attacks.                          │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

   Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL , MoizSid09  

  CryptoJob (Twitter) twitter.com/0x0CryptoJob

┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2023                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘


## Stored XSS

------------------------------------------------------------
POST /admin/project/update/2 HTTP/2

Content-Disposition: form-data; name="name"

<script>alert(1)</script>
------------------------------------------------------------

POST parameter 'name' is vulnerable to XSS


## Steps to Reproduce:

1. Login (as Client) "Normal User"
2. Go to [Project List] on this Path (https://website/admin/project)
3. Select any Project Click on the ... then Select [Edit]
4. Inject your [XSS Payload] in "Name"
5. Scroll Down and Press [Update]
6. XSS Will Fire on Client Browser

5. When ADMIN Visit the [Project List] to Check the Projects on this Path (https://website/admin/project) in administration Panel
6. XSS will Fire & Executed on his Browser

Note: the Path for [Client Users] and [ADMIN] on the website it looks the same on "/admin/"
      but The Client User Panel is Limited & don't show all Administration MENU Options in the Administration Panel to manage the website


[-] Done

RELATED ARTICLESMORE FROM AUTHOR