A recently discovered cross-site scripting (XSS) vulnerability, CVE-2022-43361, affects the popular open-source Senayan Library Management System (SLiMS) v9.4.2. This vulnerability is found in the component pop_chart.php and can be exploited by a malicious user to conduct client-side code injection, possibly affecting site administrators and other users of the platform. This post will provide a detailed explainer of the vulnerability, sample exploit code, links to original references, and suggested remediation strategies.

Vulnerability Details

SLiMS v9.4.2 is an open source web-based library management software widely used among libraries and bibliophiles. The software is renowned for helping users manage digital library resources with ease. However, researchers have discovered an XSS vulnerability in the pop_chart.php component of Senayan Library Management System v9.4.2.

The vulnerability allows an attacker to inject malicious scripts into the web application, leading to consequences such as cookie theft, data manipulation, or even account takeover. Any user visiting the compromised page would unknowingly execute the attacker's script, putting their privacy and security at risk.

Exploit Details

The vulnerability is found within the pop_chart.php file, which reads a vulnerable GET parameter, dataperiode. Here is a snippet of the vulnerable code:

// pop_chart.php
...
// read the reporting period from the query string, defaulting to 1
$periode = (isset($_GET['dataperiode'])) ? (integer)$_GET['dataperiode'] : 1;
...
// the value is interpolated into the chart data URL and element id that are echoed to the page
echo open_chart_data('?p=chart&mod='.$modul.'&dataperiode='.$periode, 'data_'.$periode);
...

As shown above, the dataperiode parameter is not properly validated or sanitized before being reflected, allowing an attacker to inject a payload that executes JavaScript in the victim's browser. Below is a sample crafted URL that demonstrates the exploit:

http://example.com/slims9/admin/admin/modules/statistics/pop_chart.php?dataperiode=<script>prompt('XSS')</script>;

Original References

This vulnerability was first disclosed by a cybersecurity researcher on GitHub. The detailed report can be found via the following links:

- Vulnerability details: GitHub Issue
- Relevant code: pop_chart.php

Remediation Steps

Users of SLiMS v9.4.2 are urged to apply the necessary patches to mitigate the risk of this vulnerability. The following remedial measures are recommended:

1. Update SLiMS to the latest version, or apply any available security patches, since newer releases may have addressed the vulnerability. Stay vigilant about new updates and security advisories.
2. Validate and sanitize all user-provided input, in particular the dataperiode GET parameter. Use PHP functions such as htmlspecialchars() or strip_tags() to clean the value before it is processed or reflected into the page.
3. Implement Content Security Policy (CSP) headers as an additional security measure to prevent the execution of unauthorized inline scripts.
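Steps 2 and 3 applied to the snippet from the Exploit Details section, as an added example that is not SLiMS project code: the allow-list of periods, the validate_periode() and h() helpers, the module name, and the direct HTML output (standing in for open_chart_data(), whose internals are not shown above) are all assumptions.

```php
<?php
// Added example (not SLiMS code): hardened handling of the dataperiode
// parameter. Helper names and the allowed period values are assumptions.
declare(strict_types=1);

// Accept only the period values the statistics page actually supports.
const ALLOWED_PERIODS = [1, 2, 3, 4]; // assumed allow-list for illustration

/**
 * Validate the raw GET value: return an allow-listed int, or the default
 * for anything else (missing, non-numeric, out of range, or a payload
 * such as "<script>prompt('XSS')</script>").
 */
function validate_periode(?string $raw, int $default = 1): int
{
    if ($raw === null || !ctype_digit($raw)) {
        return $default;
    }
    $n = (int) $raw;
    return in_array($n, ALLOWED_PERIODS, true) ? $n : $default;
}

/**
 * Encode a value for an HTML body or attribute context. ENT_QUOTES covers
 * both quote styles; ENT_SUBSTITUTE avoids returning "" on bad UTF-8.
 */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 3: a CSP that blocks inline scripts, so a reflected <script> tag
// would not run even if encoding were missed somewhere.
header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'");
header('X-Content-Type-Options: nosniff');

$modul   = 'statistics';                              // assumed module name
$periode = validate_periode($_GET['dataperiode'] ?? null);

// Step 2: build the chart URL from the validated int, then encode every
// value at the point it is written into HTML (belt and braces).
$query = '?p=chart&mod=' . rawurlencode($modul) . '&dataperiode=' . $periode;
echo '<div id="' . h('data_' . $periode) . '" data-src="' . h($query) . '"></div>';
```

Requesting the page with the advisory's payload in dataperiode now yields dataperiode=1 and no reflected markup, and the CSP header independently blocks any inline script.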

Conclusion

With the widespread use of open-source web applications like Senayan Library Management System v9.4.2, ensuring that the software is secure becomes a critical task for both the developers and end-users. By keeping up to date with security updates, adopting best practices in securing web applications, and vigilantly addressing and patching vulnerabilities like CVE-2022-43361, the security and integrity of user data can be protected from potential attacks.

Timeline

Published on: 11/01/2022 19:15:00 UTC
Last modified on: 11/02/2022 15:30:00 UTC