20 lines
No EOL
1 KiB
Text
20 lines
No EOL
1 KiB
Text
# Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation
|
|
# Exploit Author: *Piyush Patil *& Rafal Lykowski
|
|
# Vendor Homepage: https://icehrm.com/
|
|
# Version: 29.0.0.OS
|
|
# Tested on: Windows 10 and Kali
|
|
|
|
#Description
|
|
ICE Hrm Version 29.0.0.OS is vulnerable to session fixation and reflected cross site scripting leading to full account takeover.
|
|
|
|
#Steps to reproduce the attack:
|
|
1-Open 2 different browsers (or one with 2 windows - one of them opened in incognito mode)
|
|
2-Log in to the system,
|
|
3-Paste this payload into the address bar and load it:
|
|
http://localhost:8070/app/?g=admin&n=dashboard&m=21484%27%3bdocument.cookie=%22PHPSESSID=12345;path=/;%22%2f%2f
|
|
It simulates victim executing XSS.
|
|
4-In the incognito window do not log in but just modify session cookie value to 12345.
|
|
5-Navigate to any application url - you will realize that you are authorized. It means that your account was taken over.
|
|
|
|
#Video POC:
|
|
https://drive.google.com/file/d/1egynTGh0XsETgfu7SJtIPv1GZCs1dJ67/view?usp=sharing |