Bug Description:
An unauthenticated reflected cross-site scripting (XSS) vulnerability in PHPGurukul Teacher Subject Allocation Management System 1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the "searchdata" field.
Steps to Reproduce:
# Exploit Title: Unauthenticated Reflected cross-site scripting (XSS) vulnerability in PHPGurukul Teacher Subject Allocation Management System
# Date: 05-12-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/teacher-subject-allocation-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :
To reproduce the attack:
1- Head to the http://localhost/tsas/index.php endpoint
2- Here you would be asked to give a value in the "searchdata" parameter. We simply put an XSS payload <script>alert(5)</script>.
3- As soon as you hit "Go" intercept the request and then check the response, you can see the payload directly embedded into the HTML content without proper sanitization or encoding, and hence, a pop-up is shown with the number "5".
4- Although Reflected XSS is not as critical as Stored XSS but still it can be used to steal user session cookies, allowing the attacker to impersonate the victim and perform actions on their behalf and can even redirect users to malicious websites.
Remediation:
1- Validate and sanitize user input on the server side. Ensure that input adheres to expected patterns and formats.
2- Encode user input before displaying it in the HTML output. HTML-encode special characters to prevent them from being interpreted as HTML or JavaScript.