Stored XSS in Online Blood Bank Management System V1.0
Affected Product
Online Blood Bank Management System
Vendor Homepage
https://itsourcecode.com/free-projects/php-project/online-blood-bank-management-system-in-php-with-source-code/
Affected files/Files used in the Attack
/bloodbank/signup.php
/bloodbank/register.php
/admin/bloodbank/user.php
Version
1.0
Vulnerable Software
https://itsourcecode.com/wp-content/uploads/2021/02/Blood-Bank-Management-System-in-Php-with-Source-Code-1.zip
Requirements
Authentication: none is required to perform the attack.
Additional Items
Escalation of privileges/account takeover may be possible via cookie stealing. A working payload is still being developed, but retrieving the admin user's cookie via the XSS may be possible and could be used by a low-level user to escalate privileges.
Problem
Cross-Site Scripting (Stored)
Root Cause
A Stored Cross-Site Scripting vulnerability was identified in the User Registration page (signup.php) of the 'Online Blood Bank Management System' project; it affects both the 'register.php' and '/admin/user.php' application components. Malicious code can be injected through the 'user' parameter, which is rendered in both components, due to improper sanitization, filtering and implementation of other XSS prevention mechanisms.
Impact
Attackers can exploit this to achieve account takeover and obtain a session as the administrative user or other users of the application.
Description
In version 1.0 of the Online Blood Bank Management application, a Stored Cross-Site Scripting vulnerability was identified in the User Registration page (signup.php) of the 'Online Blood Bank Management System' project; it affects both the 'register.php' and '/admin/user.php' application components. Malicious code can be injected through the 'user' parameter, which is rendered in both components, due to improper sanitization, filtering and implementation of other XSS prevention mechanisms.
Proof-of-Concept
Sample Request
Vulnerability Type
Stored Cross Site Scripting
Vulnerable Location
Signup page (POST made to /register.php), user parameter
Test Payload
tab=on&user=<script>alert(window.origin)</script>&pass=pass&useremail=test%40email&bloodgroup=A&gender=male&sub=Sign+up
Successful Exploitation
Remediation
Input validation on arrival should be as strict as possible. Any input that fails validation requirements should be rejected, not sanitized. All user input should be HTML-encoded at any point where it is copied into an application's response. Any HTML metacharacters (< > " ' and =) should be replaced with the corresponding HTML entities (&lt; &gt; etc.). In the case where the application's intended functionality allows users to author content using restricted subsets of HTML tags and attributes, it would be necessary to parse user-supplied HTML to validate that no dangerous syntax is being used.
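The two controls above (reject on arrival, encode on output) applied to the 'user' parameter from the report, as an added example written for this advisory; it is not code from the Online Blood Bank Management System, and the function names, the username rules and the storage step are assumptions.

```php
<?php
// Added example, not the project's own code: strict validation of the
// 'user' parameter on arrival, plus HTML-encoding wherever a stored
// username is copied into a response. Function names are hypothetical.

declare(strict_types=1);

// Validate on arrival: reject anything that is not a plain username.
// Allowed: letters, digits, dot, underscore and hyphen; 3 to 32 characters
// (assumed policy). Invalid input is rejected, never "cleaned up".
function validate_username(string $user): ?string
{
    if (preg_match('/^[A-Za-z0-9._-]{3,32}$/', $user) !== 1) {
        return null;
    }
    return $user;
}

// Encode on output: every place a stored value is written into HTML.
// ENT_QUOTES also encodes " and ' so the value is safe inside attributes.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Hardened handling of the signup POST (the flow behind /register.php).
function handle_signup(array $post): string
{
    $user = validate_username($post['user'] ?? '');
    if ($user === null) {
        http_response_code(400);
        return 'Invalid username: only letters, digits, ".", "_" and "-" are allowed.';
    }
    // ... store $user with a prepared statement here (assumed, not shown) ...
    return 'Registered user: ' . h($user);
}

// Rendering a stored username in the admin user list: encode, never echo raw.
function render_user_row(string $storedUser): string
{
    return '<tr><td>' . h($storedUser) . '</td></tr>';
}

// Constructed input mirroring the report's test payload: rejected on arrival.
$payload = ['user' => '<script>alert(window.origin)</script>'];
echo handle_signup($payload), PHP_EOL;

// Defence in depth: even if such a value had reached the database,
// encoding on output renders it as text rather than markup.
echo render_user_row('<script>alert(1)</script>'), PHP_EOL;
```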