Cross-site Scripting (XSS) On Small Crm Portal CVE-2023–43331

Kartik Garg
3 min readSep 23, 2023

--

Welcome back people! I am Kartik Garg, A Cyber Security Researcher, Security Auditor & a part time Bug Hunter.

Today In this write-up i will discuss about how I found Stored XSS Vulnerability On A small Crm Project To Get CVE-2023–43331 . In the end i will share some of my payloads that i use!

Wait guys now I am going to tell you how I escalated that. Thanks to Krishna Aggarwal, Smith Gharat, sir & my fellow mates for their mentorship. Are you guys ready to check out the Steps of Reproduction.

Before i start let’s we discuss about What is XSS and whats its types.. etc!

What is XSS ?

Cross-Site Scripting (XSS) is a prevalent web application vulnerability that occurs when an attacker injects malicious code, usually in the form of JavaScript, into a vulnerable web application. The malicious code is executed by the victim’s web browser, potentially leading to data theft, session hijacking, or even complete control over the affected user’s account.

So Lets Start How I get CVE-2023–43331.

While testing different CRMs I hosted a crm called Small CRM on XAMPP and during testing I found that it is vulnerable to XSS

To Download XAMPP:

https://www.apachefriends.org/

Then i Hosted the project in localhost & do configuration. After this The Crm start or its first look :

Then I login into the Admin Account using Default Credentials Provide into the project.

So, I manually Check All function, after 1–2 hours i found a vulnerable parameter in user name filed then I put this payload in the user name section.

"><svg onload=alert(1)>
"><img src=z onerror=alert(document.cookie)>

Damm! It was successfully injected and Pop-up visible on the screen And boom! and result was:

Then I thought that I should escalate this, and I started to inject other XSS payload. So I put this payload in the user name section.

<img src="http://<YOUR IP:PORT">

OMG! I got an HTTP interaction from the server.

HTMl To SSRF

Then I told my friend & he help me to reported that issue to the security team. After 10 days, they replied me this

Thats time I was like:

I hope you guys enjoy the blog.

Linkedin: https://www.linkedin.com/in/kartik-garg-6370b6232

Twitter: https://twitter.com/kartikxwd

--

--

Kartik Garg
Kartik Garg

Written by Kartik Garg

Cyber Security Researcher | Security Auditor | Penetration Tester | Web Application Tester | Bug Hunter | https://twitter.com/kartikxwd