← Advisories

R-Scripts VRS 7R Multiple Stored XSS And CSRF Vulnerabilities

Medium
Advisory ID
ZSL-2015-5274
Release Date
11 November 2015
Vendor
R-Scripts - http://www.r-scripts.com
Affected Version
7R
CVE
N/A
Tested On
Apache/2.2.29, PHP/5.3.29
Summary

PHP Vacation Rental Script is the best solution for your vacation rentals online business.

Description

The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Stored cross-site scripting vulnerabilitity was also discovered. The issue is triggered when input passed via multiple POST parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Proof of Concept
vrs_csrfxss.txtTXT
Disclosure Timeline
01.10.2015Vulnerabilities discovered.
11.11.2015Vendor contacted.
11.11.2015Vendor responds asking more details.
11.11.2015Sent details to the vendor.
11.11.2015Vendor informs that csrf protection exists but not by default.
11.11.2015Vendor enables csrf protection to be by default.
11.11.2015Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://www.exploit-db.com/exploits/38684/
[2]https://packetstormsecurity.com/files/134318
[3]https://cxsecurity.com/issue/WLB-2015110092
[4]https://exchange.xforce.ibmcloud.com/vulnerabilities/107975
[5]https://exchange.xforce.ibmcloud.com/vulnerabilities/107976
Changelog
11.11.2015Initial release
14.11.2015Added reference [1], [2], [3], [4] and [5]