Dolibarr ERP/CRM - exploit.company

vendor:

Dolibarr ERP/CRM

by:

Özkan Mustafa Akkuş (AkkuS)

6.1

CVSS

MEDIUM

Cross-Site Scripting

CWE

Product Name: Dolibarr ERP/CRM

Affected Version From: v8.0.3

Affected Version To: v8.0.3

Patch Exists: YES

Related CWE: CVE-2018-19799

CPE: 2.3:a:dolibarr:dolibarr:8.0.3

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: XAMPP for Linux 7.2.8-0

2018

Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting

Dolibarr ERP & CRM is a modern and easy to use software package to manage your business. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Dolibarr 8.0.3 is vulnerable; prior versions may also be affected.

Mitigation:

Ensure that user-supplied input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting
# CVE: CVE-2018-19799
# Date: 2018-11-23
# Exploit Author: Özkan Mustafa Akkuş (AkkuS)
# Contact: https://pentest.com.tr
# Vendor Homepage: https://dolibarr.org
# Software Link: http://sourceforge.net/projects/dolibarr/files/
# Version: v8.0.3
# Category: Webapps
# Tested on: XAMPP for Linux 7.2.8-0
# Software Description : Dolibarr ERP & CRM is a modern and easy to use software package to manage your business.
# (customers, invoices, orders, products, stocks, agenda, e-mailings, shipments...)
# Description : Exploiting these issues could allow an attacker to steal cookie-based authentication credentials,
# compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
# Dolibarr 8.0.3 is vulnerable; prior versions may also be affected.
# ==================================================================

# PoC:

# GET Request : /exports/export.php?step=2&datatoexport=[XSS PAYLOAD]&action=selectfield&field=pj.ref&page_y=627