CVE-2021-27190 updated
Vulnerability
Stored Cross Site Scripting (XSS) in the "Address" field of "http://localhost/peelshopping_9_4_0/utilisateurs/change_params.php"
Affects
Peel Shopping 9.4.0
Description
A Stored Cross Site Scripting attack occurs when a malicious script is injected directly into a vulnerable web application. Every time the infected page is viewed, the malicious script is transmitted to the victim’s browser.
In Peel Shopping 9.4.0, a user-supplied polyglot payload in the "Address" field of the "Change my credentials" form (change_params.php) is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can steal cookies, redirect victims to other malicious websites, etc.
Proof of Concept
1. Log in to your account
2. Navigate to the "Change my credentials" page (http://localhost/peel_9_4_0/utilisateurs/change_params.php)
3. Paste the below payload in the "Address" field
4. Click on "Change"
5. You will now get an alert box indicating that the malicious script has executed.
References
You can refer to this repository for reference: https://github.com/vulf/Peel-Shopping-cart-9.4.0-Stored-XSS
You can find the Proof of Concept video at https://drive.google.com/file/d/1cngTLXe3Nf2tHozcYmvnxFRbK6_VWHkL/view?usp=sharing
References for Mitigating the Vulnerability
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
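Because the report describes the Address value being echoed inside JavaScript code in the HTML response, the output has to be encoded for the JavaScript string context rather than only for HTML. The following is an added example, not PEEL's code and not part of the report; the function names and the sample address are hypothetical and constructed for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from PEEL Shopping.

// Unsafe pattern: the stored value is concatenated straight into a
// JavaScript string literal inside an inline <script> block.
function render_address_unsafe(string $address): string
{
    return '<script>var address = "' . $address . '";</script>';
}

// Safer pattern: emit the value as a JSON string literal and hex-escape
// the characters the HTML parser cares about (<, >, &, ', ").
// JSON_THROW_ON_ERROR rejects invalid UTF-8 instead of returning false.
function js_string_literal(string $value): string
{
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    return json_encode($value, $flags);
}

function render_address_safe(string $address): string
{
    return '<script>var address = ' . js_string_literal($address) . ';</script>';
}

// Constructed sample: a benign address containing the characters that
// end a string literal or close a script element.
$stored = "12 \"Main\" St\n</script><b>flat 'B' & co</b>";

$unsafe = render_address_unsafe($stored);
$safe   = render_address_safe($stored);

// Look only at what sits between the <script> and </script> wrappers.
$body = substr($safe, strlen('<script>'), -strlen('</script>'));

// Unsafe output: the stored value adds a second closing tag of its own.
echo "closing tags in unsafe output: ", substr_count($unsafe, '</script>'), "\n";

// Safe output: no raw <, >, & or ' remains, and the only double quotes
// are the two that delimit the string literal.
echo "raw markup chars in safe body: ",
     strpbrk($body, "<>&'") === false ? "none" : "present", "\n";
echo "double quotes in safe body: ", substr_count($body, '"'), "\n";
echo $safe, "\n";
```

The same value still needs HTML encoding (for example `htmlspecialchars` with `ENT_QUOTES`) wherever it is written into HTML text or attributes; each output context needs its own encoder.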