Serenity Client Management Portal Multiple Vulnerabilities

vendor:

Serenity Client Management Portal

by:

Halil Dalabasmaz

8,8

CVSS

HIGH

Unrestricted File Upload, Stored XSS

79, 79

CWE

Product Name: Serenity Client Management Portal

Affected Version From: v1.0.1

Affected Version To: v1.0.1

Patch Exists: YES

Related CWE: N/A

CPE: a:codecanyon:serenity_client_management_portal

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

Serenity Client Management Portal Multiple Vulnerabilities

Login to system and go to 'Profile' section. Now you can upload any file or shell file from 'Profile Image' section. For Stored XSS, Login to system and go to 'Profile' section. Now you can run any XSS payloads on all profile inputs. Sample Payload for XSS: '><script>alert(document.cookie);</script>'

Mitigation:

Filter the files aganist to attacks.

Source

Exploit-DB raw data:

# Exploit Title: Serenity Client Management Portal Multiple Vulnerabilities
# Date: 08-10-2014
# Exploit Author: Halil Dalabasmaz
# Version: v1.0.1
# Software Link: http://codecanyon.net/item/serenity-client-management-portal/9136098
# Software Test Link: http://www.zenperfectdesign.com/demo/serenity-cc/

# Vulnerabilities Description:

===Unrestricted File Upload===
Login to system and go to "Profile" section. Now you can upload any file or shell file from "Profile Image" section.

Solution
Filter the files aganist to attacks.

===

===Stored XSS===
Login to system and go to "Profile" section. Now you can run any XSS payloads on all profile inputs.

Sample Payload for XSS: "><script>alert(document.cookie);</script>

Solution
Filter the files aganist to attacks.