Security Issues on Eramba

Some CVEs found by me and my bros in 2018 when I was a Jr.


Last updated 2 years ago

My coworkers Kelvin Clark and Lucas Carmo and I, security researchers, found some security issues in the IT Governance, Risk & Compliance application Eramba.

Those vulnerabilities were:

  • Stored XSS

  • Reflected XSS on the import CSV error page

  • Reflected XSS on the date filter

  • Reflected XSS in the search parameter

First, I would like to explain a bit about Cross-Site Scripting (XSS).

Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page.

In the proofs of concept reported below I've put a script tag that pops an alert box showing the integer 1, just to illustrate the issue. Normally an attacker would use the variable document.cookie instead, to receive the user's session cookie!

That being said, let's start the report!

1- Stored XSS

The payload used was: <"img src="" onerror="alert(1);">

2- Reflected XSS on the import CSV error page

The payload used was: <script>alert(1)</script>

3- Reflected XSS on the date filter

The payload used was: <script>alert(2)</script>

4- Reflected XSS in the search parameter

The payload used was: <script>alert(1)</script>

CVEs related to this post:

CVE-2018-7996

CVE-2018-7997

CVE-2018-7894

CVE-2018-7741

For more reading about the issue: https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

The first cross-site scripting issue was in the tooltip box on the https://<ip-address>/programScopes description parameter.

Stored XSS on the tooltip box

The second cross-site scripting issue was on https://<ip-address>/importTool/preview, in the error page shown while importing a CSV with an HTML script tag embedded in the file.

Reflected XSS on the import CSV error page

The third was found in https://<ip-address>/crons?advanced_filter=1&created__comp_type=0&created=%3Cscript%3Ealert(2)%3C%2Fscript%3E&created__show=1&type__show=1&execution_time__comp_type=0&execution_time__show=1&status__show=1&_limit=15

Reflected XSS on the date filter

The fourth was found on http://<ip-address>/reviews/filterIndex/ThirdPartyRiskReview? in the parameter advanced_filter.

Reflected XSS in the search parameter