Submission #453609: Talentera Talentera for recruitment agencies (CMS) latest Cross Site Scripting (info)

Title: Talentera Talentera for recruitment agencies (CMS) latest Cross Site Scripting
Description: This vulnerability stems from insufficient sanitization of user-controlled input within the platform. Specifically, the application reflects unvalidated data in the response without proper encoding, allowing attackers to inject malicious JavaScript. This can be used to steal sensitive information, such as session tokens, manipulate content, or perform actions on behalf of the victim.

Impact: The impact of this vulnerability is significant as it allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. Potential consequences include:
- Compromise of user sessions or sensitive data.
- Unauthorized actions performed on behalf of the victim.
- Harm to the platform's reputation and user trust.

Steps to Reproduce:
- Go to the vulnerable page, e.g., https://TARGET.com/app/control/byt_cv_manager?byt_cv_stage=30&cv_id=93857712&x_cord=0&y_cord=0&width=&height=&original_image=&view=cv-edit&redirect_url=wss://TARGET.com/%0d%0AContent-Type:text/html;charset=utf-8%0D%0A%0D%0A%3Cimg%20src%3Dx%20onerror%3Dalert%281%29&order_from=mycv&csrf_token=&email_action_p=0&upload_file=%ff%d8%ff (as an authenticated user).
- Observe that the <img tag is reflected and the JavaScript event handler is executed within the page.

NOTE: We took advantage of the reflection of the redirect_url parameter in the 302 response to exploit a CRLF injection + XSS (bypassing the sanitizer using the ws:// scheme) to make a full response rewrite. But note that this payload only works in Firefox.

Proof of Concept: Please see screenshot here: https://cloudphoto.ro/en/OVcHC1Pb3twmFC7 Password: talentera
Source: https://www.talentera.com/en/recruitment-agencies/
User: NikolaT3sla (UID 30112)
Submitted: 2024-11-28 11:19 AM (2 years ago)
Moderation: 2024-12-08 08:59 AM (10 days later)
Status: Accepted
VulDB Entry: 287266 [Talentera up to 20241128 byt_cv_manager redirect_url Cross Site Scripting]
Points: 20
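The defect the submission describes is a redirect parameter copied into a 302 response's Location header without rejecting CR/LF, combined with a scheme filter that could be sidestepped with ws://. The following is an added example, not Talentera's code and not part of the VulDB submission, showing how a server should vet such a parameter before emitting the header: refuse any control character in the once-decoded value (before URL parsing, since parsers may silently strip some of them), allow-list the scheme instead of blocklisting, and pin the host to the application's own. The function names, the allowed host app.example.invalid and the sample inputs are assumptions constructed for the example.

```python
"""Added example: vetting a user-supplied redirect_url before it reaches a
Location header. Not the vendor's code; names and hosts are constructed."""
from urllib.parse import unquote, urlsplit

# Allow-list, not blocklist: ws://, wss://, javascript:, data: are all refused.
ALLOWED_SCHEMES = {"http", "https"}
# Constructed value standing in for the application's own host(s).
ALLOWED_HOSTS = {"app.example.invalid"}


class UnsafeRedirect(ValueError):
    """Raised when a redirect target must not be placed in a response header."""


def check_redirect_url(raw_param: str):
    """Return (ok, reason) for a raw (still percent-encoded) query value.

    The value is decoded exactly once; decoding twice would let %250d%250a
    style encodings sneak through one layer and detonate in the next.
    """
    value = unquote(raw_param)

    # 1. Header injection: CR, LF, NUL and every other control character are
    #    refused outright. This check runs BEFORE urlsplit, because URL parsers
    #    (including Python's) may strip tabs/newlines and hide the problem.
    if not value.isascii() or any(ord(ch) < 0x20 or ch == "\x7f" for ch in value):
        return False, "control or non-ASCII character in redirect target"

    parts = urlsplit(value)

    # 2. Scheme allow-list: only http/https may be redirected to.
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"

    # 3. Open-redirect guard: the target must be one of our own hosts.
    host = (parts.hostname or "").lower()
    if host not in ALLOWED_HOSTS:
        return False, f"host not allowed: {host!r}"

    return True, ""


def validate_redirect_url(raw_param: str) -> str:
    """Decoded redirect target, or UnsafeRedirect if it fails any check."""
    ok, reason = check_redirect_url(raw_param)
    if not ok:
        raise UnsafeRedirect(reason)
    return unquote(raw_param)


def build_redirect_safe(raw_param: str) -> bytes:
    """Minimal 302 response; the Location value has already been vetted, and
    encoding as ASCII makes it impossible for a stray CR/LF to reach the wire."""
    target = validate_redirect_url(raw_param)
    return (b"HTTP/1.1 302 Found\r\nLocation: " + target.encode("ascii")
            + b"\r\nContent-Length: 0\r\n\r\n")


if __name__ == "__main__":
    # Constructed inputs: one legitimate target, one header-injection attempt of
    # the shape described in the report, one scheme bypass, one foreign host.
    samples = [
        "https://app.example.invalid/app/control/byt_cv_manager?view=cv-edit",
        "wss://app.example.invalid/%0d%0aContent-Type:text/html%0d%0a%0d%0a<b>injected</b>",
        "wss://app.example.invalid/",
        "https://evil.example.invalid/",
    ]
    for s in samples:
        print(check_redirect_url(s), s)
```

The order of the checks matters: the control-character test comes first and operates on the raw decoded string, so a payload that would otherwise be partially cleaned by urlsplit is still caught, and the scheme test is an allow-list so no new scheme (ws, wss or otherwise) needs to be added to a blocklist later.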
