| Field | Value |
|---|---|
| Title | Talentera Talentera for recruitment agencies (CMS) latest Cross Site Scripting |
| Description | Description:<br>This vulnerability stems from insufficient sanitization of user-controlled input within the platform. Specifically, the application reflects unvalidated data in the response without proper encoding, allowing attackers to inject malicious JavaScript. This can be used to steal sensitive information, such as session tokens, manipulate content, or perform actions on behalf of the victim.<br>Impact:<br>The impact of this vulnerability is significant, as it allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. Potential consequences include:<br>- Compromise of user sessions or sensitive data.<br>- Unauthorized actions performed on behalf of the victim.<br>- Harm to the platform's reputation and user trust.<br>Steps to Reproduce:<br>- Go to the vulnerable page, e.g., https://TARGET.com/app/control/byt_cv_manager?byt_cv_stage=30&cv_id=93857712&x_cord=0&y_cord=0&width=&height=&original_image=&view=cv-edit&redirect_url=wss://TARGET.com/%0d%0AContent-Type:text/html;charset=utf-8%0D%0A%0D%0A%3Cimg%20src%3Dx%20onerror%3Dalert%281%29&order_from=mycv&csrf_token=&email_action_p=0&upload_file=%ff%d8%ff (as an authenticated user).<br>- Observe that the `<img` tag is reflected and the JavaScript event handler is executed within the page.<br>NOTE: We took advantage of the reflection of the redirect_url parameter in the 302 response to exploit a CRLF injection + XSS (bypassing the sanitizer using the ws:// scheme) to achieve a full response rewrite. But note that this payload only works in Firefox.<br>Proof of Concept:<br>Please see the screenshot here: https://cloudphoto.ro/en/OVcHC1Pb3twmFC7<br>Password: talentera |
| Source | https://www.talentera.com/en/recruitment-agencies/ |
| User | NikolaT3sla (UID 30112) |
| Submitted | 2024-11-28 11:19 AM |
| Moderation | 2024-12-08 08:59 AM (10 days later) |
| Status | Accepted |
| VulDB Entry | 287266 [Talentera up to 20241128 byt_cv_manager redirect_url Cross Site Scripting] |
| Points | 20 |
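The mechanics the submitter describes, as an added example that is neither the submission's code nor Talentera's: a model of a 302 handler that copies the user-supplied redirect_url into the Location header, the header-splitting effect of the CR/LF payload from the Steps to Reproduce, and a hardened handler beside it. The real application's redirect code and its sanitizer are not known, so the vulnerable model simply omits any check; the hardened version uses a scheme and host allowlist, which is the kind of check a ws:// or wss:// value cannot slip past. All function names, the allowed host and the fallback path are assumptions.

```python
# Added example (not from the submission or from Talentera). Models the
# CRLF-injection-into-Location behaviour described in the report; the
# real handler and sanitizer are unknown, all names are hypothetical.
from urllib.parse import unquote, urlsplit

# The redirect_url value from the URL in "Steps to Reproduce", still
# percent-encoded as it appears in the query string.
SUBMITTED_REDIRECT_URL = (
    "wss://TARGET.com/%0d%0AContent-Type:text/html;charset=utf-8%0D%0A%0D%0A"
    "%3Cimg%20src%3Dx%20onerror%3Dalert%281%29"
)

# Assumption: the application only ever needs to redirect back to itself.
ALLOWED_SCHEMES = ("https",)
ALLOWED_HOST = "target.com"   # urlsplit() lowercases hostnames
SAFE_FALLBACK = "/"


def build_redirect_naive(redirect_url: str) -> bytes:
    """Vulnerable model: the decoded parameter goes straight into Location.
    A CR LF inside the value terminates the header, so the rest of the value
    is parsed as further headers and, after the blank line, as the body."""
    target = unquote(redirect_url)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def is_safe_redirect_target(target: str) -> bool:
    """Allowlist check: printable ASCII only (no CR, LF or other control
    bytes), a known scheme, and the application's own host. Checking an
    allowlist of schemes, not a denylist of bad prefixes, is what keeps
    ws:// and wss:// from passing."""
    if any(not 0x20 <= ord(c) <= 0x7E for c in target):
        return False
    parts = urlsplit(target)
    return parts.scheme in ALLOWED_SCHEMES and parts.hostname == ALLOWED_HOST


def build_redirect_hardened(redirect_url: str) -> bytes:
    """Hardened model: anything outside the allowlist is replaced by a fixed
    location instead of being echoed into the header."""
    target = unquote(redirect_url)
    if not is_safe_redirect_target(target):
        target = SAFE_FALLBACK
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def parse_response(raw: bytes):
    """Parse a raw response the way a lenient client would: status line,
    headers up to the first blank line, everything after it is the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("latin-1")


if __name__ == "__main__":
    for builder in (build_redirect_naive, build_redirect_hardened):
        status, headers, body = parse_response(builder(SUBMITTED_REDIRECT_URL))
        print(builder.__name__)
        print("  Location:    ", headers.get("location"))
        print("  Content-Type:", headers.get("content-type"))
        print("  body:        ", repr(body))
```

Run as a script, the naive builder yields a 302 whose parsed headers carry the injected `Content-Type: text/html;charset=utf-8` and whose body starts with the `<img src=x onerror=alert(1)` tag, which is the full response rewrite the report describes; the hardened builder yields `Location: /` with no injected header and an empty body. The control-character check alone stops the splitting; the scheme and host allowlist additionally closes the open-redirect angle and makes the sanitizer bypass via an unexpected scheme a non-issue.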