EPESI 1.8.2 rev20170830 - Cross-Site Scripting

Zeeshan Shaikh 2017-10-03 webapps php
# Exploit Title: Multiple Stored XSS in EPESI
# Date: 10/03/2017
# Exploit Author: Zeeshan Shaikh
# Vendor Homepage: http://epe.si/
# Software Link: http://epe.si/download/
# Version: 1.8.2 rev20170830
# CVE : CVE-2017-14712 to CVE-2017-14717
# Category: webapps


XSS 1 (Tasks - Title)
Steps to recreate:
1. Home->Tasks->add new
2. Enter title as "MYTITLE" and fill required details but don't click save
3. Start interceptor and intercept request
4. click save
5. Now replace MYTITLE with "alertme"(without
quotes)
6. Home->click on alertme

XSS 2 (Tasks - Description)
Steps to recreate:
1. Create a new task and fill description as "MYDESC" but don't click on
save
2. Start intercepting request and then click save on browser
3. Now replace MYDESC with ""
4. Go to Home(make sure task applet is there) -> Mouseover on i icon

XSS 3 (Tasks/Phonecall - Notes - Title)
Steps to recreate:
1. Home->Tasks/PhoneCall->Notes->add new
2. Steps same as XSS 1
3. Click on alertme in notes section

XSS 4 (Tasks - Alerts - Title)
Steps to recreate:
1. Home->Tasks->Notes->add new
2. Steps same as XSS 1
3. Click on alertme in alerts section

XSS 5 (Phonecalls - Subject)
Steps to recreate:
1. Create a new phonecall and fill subject as "MYSUB" but don't click on
save
2. Start intercepting request and then click save on browser
3. Now replace MYSUB with ""
4. Go to Home(make sure task applet is there) -> Mouseover on i icon

XSS 6 (Phonecalls - Description)
Same as XSS 5