admin_Secone4all

September 25, 2024

Exploit Title: Reflected XSS in Elaine's Realtime CRM Automation v6.18.17 CVE-2024-42831

Date: 09/2024
Exploit Author: Haythem Arfaoui (CBTW Team)
Vendor Homepage: https://www.elaine.io/
Software Link: https://www.elaine.io/en/products/elaine-marketing-automation/
Version: 6.18.17 and below
Tested on: Windows, Linux
CVE: CVE-2024-42831
———————————-

Description

A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user by injecting a crafted payload into the dialog parameter at wrapper_dialog.php.


Steps to Reproduce:

  1. Navigate to any website that contains Elaine's Realtime CRM Automation.
  2. Access the following endpoint: /system/interface/wrapper_dialog.php
  3. Inject the following payload into the dialog parameter:
    a"%20onafterscriptexecute=alert(document.domain)>
  4. Example Final URL:
    /system/interface/wrapper_dialog.php?dialog=a"%20onafterscriptexecute=alert(document.domain)>

CVE-2024-42831 Summary:

  1. CVE ID: CVE-2024-42831
  2. Vulnerability Type: Reflected Cross-Site Scripting (XSS)
  3. Affected Software: Elaine's Realtime CRM Automation v6.18.17 and below
  4. Vendor: Elaine
  5. Tested on: Windows, Linux
  6. Published Date: September 2024

———————————-

Vulnerability Details:

A reflected XSS vulnerability was discovered in Elaine's Realtime CRM Automation v6.18.17. This flaw allows an attacker to inject arbitrary JavaScript into a user's browser by manipulating the dialog parameter in the wrapper_dialog.php endpoint. If a user is tricked into visiting a maliciously crafted URL, this injected script can execute within their browser, potentially leading to the theft of sensitive information like cookies, session tokens, or browser data.

———————————-

Exploitation:

  1. The attacker can craft a malicious URL containing the payload a"%20onafterscriptexecute=alert(document.domain)> within the dialog parameter.
  2. When the victim visits this URL, the payload is reflected and executed in the browser, triggering an alert displaying the domain, which confirms the XSS.

———————————-

Impact:

  1. Successful exploitation allows an attacker to perform arbitrary actions in the context of the user’s session, leading to various attacks such as stealing credentials, session hijacking, or defacement of the web interface.

Mitigation:

  1. To address this vulnerability, input validation and proper encoding of output should be implemented to prevent untrusted input from being executed as part of a web page.
  2. Updating to a patched version of Elaine's Realtime CRM Automation is recommended.
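
Until the patched version is deployed, web server access logs can be reviewed for requests that match the pattern described under Exploitation. The following script is an added example, not code from the advisory or the vendor; it assumes a common/combined access log format, and the sample log lines (including the benign value `settings`) are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/system/interface/wrapper_dialog.php"  # path named in the advisory
PARAM = "dialog"                                   # parameter named in the advisory

# Request line of a common/combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Characters that break out of an HTML attribute or tag, or an inline event handler.
# Heuristic only: a legitimate value containing "on...=" would also be flagged.
SUSPICIOUS = re.compile(r'["\'<>]|\bon[a-z]+\s*=', re.IGNORECASE)

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def scan(lines):
    """Return (line_number, client_ip, decoded_value) for suspicious dialog values."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not unquote(url.path).lower().endswith(ENDPOINT):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = decode_fully(raw)
            if SUSPICIOUS.search(value):
                hits.append((n, m.group("ip"), value))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [25/Sep/2024:10:01:02 +0000] "GET /system/interface/wrapper_dialog.php?dialog=settings HTTP/1.1" 200 512',
    '198.51.100.23 - - [25/Sep/2024:10:02:10 +0000] "GET /system/interface/wrapper_dialog.php?dialog=a%22%20onafterscriptexecute=alert(document.domain)%3E HTTP/1.1" 200 640',
    '198.51.100.23 - - [25/Sep/2024:10:02:44 +0000] "GET /system/interface/wrapper_dialog.php?dialog=x%2522%253E HTTP/1.1" 200 610',
    '203.0.113.9 - - [25/Sep/2024:10:03:00 +0000] "GET /index.php?dialog=%3Cb%3E HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for line_no, ip, value in scan(SAMPLE_LOG):
        print(f"line {line_no}: {ip} sent suspicious dialog value {value!r}")
```

Only query-string values are visible in access logs, so a hit here indicates that a crafted link was requested, not that script execution succeeded.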

