@svennergr
Last active May 7, 2020 15:53
Writeup for CVE-2019-16416

Summary

A cross-site-scripting (XSS) issue was discovered in HRworks (classic) 3.36.9. An attacker could exploit this by storing persistent scripts which would lead to unwanted code execution when visiting an affected page.

Export Title

Stored XSS - HRworks (classic) v3.36.9

Vendor Homepage

https://www.hrworks.de

Exploit Author

Sven Grossmann / Lufthansa Industry Solutions

Contact

https://github.com/svennergr / https://twitter.com/svennergr

Website

https://www.lufthansa-industry-solutions.com

Category

webapps

CVE

CVE-2019-16416

Timeline

  • 2019-09-16 Disclosure to vendor
  • 2019-09-18 Vendor informed that the issue will be fixed with the next product version (v3.37.0)
  • 2019-09-23 Vendor published a fixed product version (v3.37.0)

Proof of Concept

  1. Open HRWorks (classic).
  2. Create a new travel expense report.
  3. Enter as the purpose of the report: test<<img src="." onerror=javascript:alert(1)//
  4. The HTML/JS will be executed when opening the report or showing the report's purpose in the overview.

Based on our investigation, further fields of the form might be vulnerable as well.

Also see CVE-2019-16416-poc-1.jpg and CVE-2019-16416-poc-2.jpg.
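The following is an added example, not code from the original gist or from HRworks (whose rendering code is not public): it shows why the purpose value from step 3 yields a live `<img>` element when it is concatenated into HTML unescaped, and how encoding the value on output in its HTML context renders it inert. The `renderPurpose*` functions and the `<td>` wrapper are stand-ins for the report overview, assumed for this illustration; the payload string is the one given in the proof of concept.

```javascript
// Added example (not part of the advisory): vulnerable vs. encoded rendering
// of the stored "purpose" field. The <td> wrapper and function names are
// assumptions standing in for the application's own templates.

// Payload exactly as given in step 3 of the proof of concept.
const PAYLOAD = 'test<<img src="." onerror=javascript:alert(1)//';

// Vulnerable pattern: the stored value is concatenated straight into markup.
// An HTML parser treats "<" followed by a non-letter as text, so "<<img"
// still produces an <img> element; src="." points at the page itself, which
// is not an image, so the onerror handler runs.
function renderPurposeUnsafe(purpose) {
  return `<td class="purpose">${purpose}</td>`;
}

// Encode the five characters that are significant in HTML text and
// double-quoted attribute values.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Fixed pattern: encode at output time, in the context the value lands in.
// The stored value is left untouched; only its rendering changes.
function renderPurposeSafe(purpose) {
  return `<td class="purpose">${escapeHtml(purpose)}</td>`;
}

// Count element openers ("<" followed by a letter or "/") in a fragment.
// Used to show that the unsafe rendering contains one more element than
// the template itself provides.
function countTags(html) {
  return (html.match(/<[a-z\/]/gi) || []).length;
}

// Defender-side triage for values already stored in the database:
// flag entries that contain a tag opener or an inline event handler so they
// can be reviewed. This reports; it does not modify the stored data.
function flagSuspiciousStoredValue(value) {
  return /<\s*[a-z!\/]/i.test(value) || /\bon[a-z]+\s*=/i.test(value);
}

// Constructed sample values for a quick demonstration.
const STORED_VALUES = ['Customer visit in Hamburg', PAYLOAD];
for (const v of STORED_VALUES) {
  console.log(JSON.stringify(v), 'suspicious:', flagSuspiciousStoredValue(v));
  console.log('  unsafe tags:', countTags(renderPurposeUnsafe(v)),
              'safe tags:', countTags(renderPurposeSafe(v)));
}
```

The template alone contributes two element openers (`<td` and `</td`); the unsafe rendering of the payload shows three, the encoded rendering two. Encoding on output is the fix that closes the issue regardless of which form field carries the value, which matters here because the advisory notes that other fields of the form might be affected too.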

Solution

As of the date of publication, all versions above 3.37.0 are safe to use.
