Online Notes Sharing System

Bug Description:

A stored cross-site scripting (XSS) vulnerability in Online Notes Sharing System 1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the "Name" and "Email" fields of the user profile.

Steps to Reproduce:

# Exploit Title: Stored cross-site scripting (XSS) vulnerability in Online Notes Sharing System
# Date: 20-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-notes-sharing-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE : 

To reproduce the attack:

1- First, log in to the application, then go to the http://localhost/onss/user/profile.php endpoint.

2- Then click on "Update" and capture the request in Burp Intercept.

[Screenshot 1]

3- Here, we change the values of the "Full Name" and "Email" parameters to XSS payloads. In the "name" parameter we put "><script>alert(2)</script> and in the "email" parameter we put "><script>alert(document.cookie)</script>; the rest of the parameters we leave as they are.

[Screenshot 2]

4- We then forward the request. In the browser we see that both payloads are executed: first the payload in the "name" parameter runs and displays "2", then the payload in the "email" parameter runs and displays the cookie in a popup.

[Screenshots 3 and 4]

5- This shows that user input is embedded directly into the HTML content without proper sanitization or output encoding. The strings "><script>alert(2)</script> and "><script>alert(document.cookie)</script> are rendered as part of the HTML: the leading "> closes the input's value attribute, and the script tag that follows becomes live markup, which is what makes the page vulnerable to script injection.

6- Stored XSS is a high-severity vulnerability, as attackers can steal sensitive information, such as login credentials, session tokens, or personal details, from users who unknowingly execute the malicious script. If a user with administrative privileges is affected, attackers can hijack their session and gain unauthorized access to sensitive areas of the website or application.

Remediation:

1- Implement strict input validation on both the client and server sides. Validate and sanitize user input to ensure that it does not contain malicious code.

2- Encode user-generated content before rendering it in the browser. This helps to neutralize any malicious scripts and ensures that user input is treated as data, not executable code.
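As an added illustration of the two remediation points (this is example code, not code from the project or from this write-up), the PHP below contrasts an unencoded echo of the profile fields, which is the pattern the steps above describe, with output encoding via htmlspecialchars and a server-side email check. The $row array and its "name"/"email" keys are assumed names for the profile record, and the sample record is constructed.

```php
<?php
// Added example, not code from the project or the write-up.
// $row and its 'name'/'email' keys are assumed names for the profile
// record read back from the database. The sample record is constructed
// and carries the payload from step 3 of the write-up.
$row = [
    'name'  => '"><script>alert(2)</script>',
    'email' => 'alice@example.com',
];

// Vulnerable rendering: the raw value is concatenated into an attribute.
// The leading "> closes the attribute, so the <script> tag becomes markup.
function render_unsafe(array $row): string
{
    return '<input type="text" name="name" value="' . $row['name'] . '">'
         . '<input type="text" name="email" value="' . $row['email'] . '">';
}

// Hardened rendering: encode for the HTML attribute context at output time.
// ENT_QUOTES escapes both quote styles, so the attribute cannot be closed
// early and the browser shows the payload as literal text.
function render_safe(array $row): string
{
    $e = fn(string $v): string => htmlspecialchars($v, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="name" value="' . $e($row['name']) . '">'
         . '<input type="text" name="email" value="' . $e($row['email']) . '">';
}

// Server-side validation (remediation point 1): reject values that are not
// plausible for the field before they are stored. A length check on the
// name does not catch the payload by itself; output encoding is what
// neutralises it, which is why both measures are needed.
function valid_profile(string $name, string $email): bool
{
    $nameOk  = $name !== '' && strlen($name) <= 100;
    $emailOk = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
    return $nameOk && $emailOk;
}

// Whether a rendered fragment still carries a live script tag.
function has_script_tag(string $html): bool
{
    return strpos($html, '<script>') !== false;
}

echo "unsafe: " . render_unsafe($row) . "\n";
echo "safe:   " . render_safe($row) . "\n";
echo "unsafe has script tag: " . var_export(has_script_tag(render_unsafe($row)), true) . "\n";
echo "safe has script tag:   " . var_export(has_script_tag(render_safe($row)), true) . "\n";
echo "passes validation:     " . var_export(valid_profile($row['name'], $row['email']), true) . "\n";
```

Run it with the PHP CLI; the encoded fragment contains &quot;&gt;&lt;script&gt; in place of the raw characters, so the attribute stays closed where the template closes it.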