Dolibarr CMS 11.0.4 (DMS/ECM Module) - Stored XSS + RCE with Admin Click

Posted on May 17, 2020 in XSS

DMS/ECM Module Overview

The DMS/ECM module is a simple document upload system built into the Dolibarr CRM. You select a file from your filesystem and it is uploaded to the webserver. This file can then be shared with other users through a link.

A user must be assigned the …

File Upload via XSS

Posted on January 03, 2020 in XSS

During my studies of web application exploitation, I have come across the need to upload a tar plugin file to an application via an XSS payload to achieve remote code execution.

The process that was used to exploit this application is as follows:

  • The administrator triggers a stored XSS which …

