Reflected XSS on multiple locations and parameters in unilogies/bumsys

Valid

Reported on

Nov 2nd 2022

Description

The user input is not being sanitized properly on multiple locations and on different parameters leading to XSS.

Proof of Concept

https://demo.bumsys.org/reports/sales-report/?salesDate="><body%20onpageshow=alert(1)>

Payload

"><body%20onpageshow=alert(1)>

Impact

  1. Perform any action within the application that the user can perform.
  2. View any information that the user is able to view.
  3. Modify any information that the user is able to modify.
  4. Initiate interactions with other application users, including malicious attacks, that will appear to originate from the initial victim user.

Occurrences

id parameter is vulnerable.

POST parameter salesId is vulnerable.

val parameter is vulnerable.

id parameter is vulnerable.

pqnt parameter is vulnerable.

POST parameter productCode is vulnerable.

salesDate is vulnerable.

val parameter is vulnerable. Line 1747 is also vulnerable.

POST parameter productCode is vulnerable.

id parameter is vulnerable.

POST paymentChequeNo parameter is vulnerable.

id parameter is vulnerable.

POST parameter advanceCollectionId is vulnerable.

POST parameter paymentChequeNo is vulnerable

val parameter is vulerable.

val parameter is vulnerable.

dateRange parameter is vulnerable.

id parameter is vulnerable.

paymentType and dateRange parameters are vulnerable.

paymentType and dateRange parameters are vulnerable.

val parameter is vulnerable.

paymentType and dateRange parameters are vulnerable.

POST parameter shopAdvanceCollectionId is vulnerable.

POST salaryTypes parameter is vulnerable.

POST dueBillPaymentChequeNo parameter is vulnerable.

POST paymentChequeNo parameter is vulnerable.

POST parameter receivedPaymentId is vulnerable.

POST salaryType parameter is vulnerable.

id parameter is vulnerable.

POST parameter userLanguage is vulnerable.

cid and dateRange parameters are vulnerable.

We are processing your report and will contact the unilogies/bumsys team within 24 hours. a year ago
A GitHub Issue asking the maintainers to create a SECURITY.md exists a year ago
Joel Verghese modified the report
a year ago
Joel Verghese modified the report
a year ago
We have contacted a member of the unilogies/bumsys team and are waiting to hear back a year ago
unilogies/bumsys maintainer
a year ago

Maintainer

Opps. Thanks again @krizzsk. I will fix the issue as soon as possible. Your work is really great.

Khurshid Alam

Khurshid Alam validated this vulnerability a year ago
Joel Verghese has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
unilogies/bumsys maintainer
a year ago

Maintainer

Dear Brother, Sorry for the delay.

All of the issue you have mentioned has been solved. Please check and let me if it is okay. Thank you

Khurshid Alam

We have sent a fix follow up to the unilogies/bumsys team. We will try again in 7 days. a year ago
unilogies/bumsys maintainer marked this as fixed in v1.0.3-beta with commit 9ddce6 a year ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Joel Verghese
a year ago

Researcher

Hi, I can confirm the fix.

Cheers, @krizzsk

unilogies/bumsys maintainer gave praise a year ago
Thank you @krizzsk
The researcher's credibility has slightly increased as a result of the maintainer's thanks: +1
unilogies/bumsys maintainer published this vulnerability a year ago
unilogies/bumsys maintainer
a year ago

Maintainer

Hello @krizzsk, I hope you are doing well.

I need some help about SQL Injection Attack. Could you please help us by finding if there any issue regarding SQL Injection?

Looking forward to hear you soon. Thank you

to join this conversation