# Exploit Title: Stored Cross Site Scripting Vulnerability leading to user session hijacking
# Date: 2 July 2014
# Exploit Author: Madhu Akula
# Vendor Homepage: http://www.opendocman.com/
# Version : 1.2.7.2
# Severity: High


Description :

About Vulnerability :

Stored attacks are those where the injected script is permanently stored 
on the target servers, such as in a database, in a message forum, 
visitor log, comment field, etc. The victim then retrieves the malicious 
script from the server when it requests the stored information.

Impact :

Attackers can execute scripts in a victim's browser to hijack user 
sessions, deface web sites, insert hostile content, redirect users, 
hijack the user's browser using malware, etc.

For further reference :

https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS)

Steps to Reproduce : (POC)

Log in as any user and add a document.

When adding the document, give it the name

    "><img src=x onerror=prompt(document.domain)>.png

then upload it.

Mitigation :

Not yet fixed; the fix will be released in the next SVN version (1.2.7.3).
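
The class of fix that applies here is context-aware output encoding of the stored name, with file-name validation at upload as a second layer. The PHP below is an added example, not OpenDocMan's code and not the vendor's patch; the function names, the view.php link and the file-name policy are assumptions made for illustration.

```php
<?php
// Added example: hypothetical rendering code, not taken from OpenDocMan.

// Vulnerable pattern: the stored name is concatenated into HTML as-is, so a
// name containing "> closes the title attribute and injects new markup.
function render_link_unsafe(int $id, string $storedName): string
{
    return '<a href="view.php?id=' . $id . '" title="' . $storedName . '">'
         . $storedName . '</a>';
}

// Encode for the HTML context at output time. ENT_QUOTES converts both quote
// styles, so the value cannot terminate the attribute it is placed in.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same markup, every use of the stored name is encoded.
function render_link_safe(int $id, string $storedName): string
{
    return '<a href="view.php?id=' . $id . '" title="' . h($storedName) . '">'
         . h($storedName) . '</a>';
}

// Defence in depth at upload time: accept only a conservative character set.
// Assumed policy for this example; output encoding stays the primary control
// because names already stored in the database are not covered by it.
function is_acceptable_filename(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9][A-Za-z0-9 ._-]{0,199}\z/', $name) === 1;
}

// Name from the proof of concept above, plus a constructed benign name.
$poc    = '"><img src=x onerror=prompt(document.domain)>.png';
$benign = 'report-2014.png';

// Print both renderings of the proof-of-concept name for comparison.
echo render_link_unsafe(7, $poc), PHP_EOL;
echo render_link_safe(7, $poc), PHP_EOL;

// Print the upload-time decision for each name.
var_dump(is_acceptable_filename($poc));
var_dump(is_acceptable_filename($benign));
```

Comparing the two rendered lines shows the difference: in the unsafe output the img element appears as live markup after the closed attribute, while in the safe output the same characters are emitted as entities and stay inside the title value and link text.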


# References :

https://github.com/opendocman/opendocman/issues/163



Madhu Akula
Information Security Researcher
https://www.twitter.com/madhuakula