CVE-2024-35581.md

Stored Cross-Site Scripting Vulnerability in SourceCodester Laboratory Management System

Vendor: Sourcecodester
Product: Laboratory Management System
Product URL: https://www.sourcecodester.com/php/17268/computer-laboratory-management-system-using-php-and-mysql.html

Executive Summary

Laboratory Management System provides a facility to add a Borrowing. User-supplied input is not properly sanitized, which allows an attacker to inject malicious JavaScript code into the “Borrower Name” input field. The injected code persists and is executed whenever any user accesses the vulnerable web page.

Issue Details

Vulnerability Name: Stored XSS in Borrower Name
Severity: High
Affected URL: http://localhost/php-lms/admin/?page=borrow/view_borrow&id=3
Affected Parameter: Borrower Name
HTTP Method: POST

Issue Description

The web application is vulnerable to Stored Cross-Site Scripting (SXSS) attacks in the "Borrower Name" input field. An attacker can exploit this vulnerability by submitting malicious JavaScript code in the HTTP POST request to create the user. In the provided example, the attacker modifies the "Borrower Name" parameter to insert malicious JavaScript code that can also access the authentication cookies.

Proof Of Concept

Configure a web proxy in your browser.

Navigate to the URL in the browser http://localhost/php-lms/admin/?page=borrow/view_borrow&id=3

Fill in the desired data in the input fields. Intercept the request in the web proxy. Modify the lname parameter as shown below and send the request to the server.

"><img src=xonerror=alert(document.cookie)>

Fill in all the required details and enter the payload in the Borrower Name field.

https://drive.google.com/file/d/1tZ_Vi8DZFR_ePGQj-UVbT1XziCLq8LlS/view?usp=sharing

Impact:

Stored XSS attacks can have serious consequences, such as account takeover by stealing cookies, stealing sensitive data, modifying the content of the web page, or redirecting users to malicious sites.

Remediation:

Implement proper input validation and output encoding to prevent malicious code from being injected into the web application. Use server-side validation to ensure that user input is properly sanitized before being stored in a database or displayed on a web page. Use output encoding to ensure that any user input that is displayed on the web page is properly encoded to prevent malicious code from being executed.

References:

https://portswigger.net/web-security/cross-site-scripting/stored

https://owasp.org/www-community/attacks/xss/

Weakness Enumeration:

CWE-79

This report highlights the Stored XSS vulnerability present in the Borrower Name parameter of http://localhost/php-lms/admin/?page=borrow/view_borrow&id=3, including the Proof of Concept, its impact, remediation steps and references for further guidance on mitigation strategies.
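
The server-side validation and output encoding recommended under Remediation, shown as an added example that is not taken from the application's source. The function names, the `borrower` field name and the name policy (1 to 100 letters, spaces, `.`, `'`, `-`) are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the application's own rendering code is not shown in this report.

/** Output encoding for HTML text nodes and quoted attribute values. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Server-side validation applied before the name is stored (assumed policy). */
function validate_borrower_name(string $raw): ?string
{
    $name = trim($raw);
    // Allowlist: Unicode letters and marks, space, dot, apostrophe, hyphen.
    if (preg_match('/^[\p{L}\p{M} .\'\-]{1,100}\z/u', $name) !== 1) {
        return null; // reject instead of trying to strip markup out
    }
    return $name;
}

/** Before: the stored value is concatenated into a quoted attribute unencoded. */
function render_vulnerable(string $stored): string
{
    return '<input type="text" name="borrower" value="' . $stored . '">';
}

/** After: identical markup, with the value encoded at output time. */
function render_hardened(string $stored): string
{
    return '<input type="text" name="borrower" value="' . e($stored) . '">';
}

// Sample input: the payload string from the proof of concept in this report.
$payload = '"><img src=xonerror=alert(document.cookie)>';

// Validation on the way in: the payload is rejected, an ordinary name passes.
var_dump(validate_borrower_name($payload));
var_dump(validate_borrower_name("Anne O'Neil"));

// Encoding on the way out: compare how the same stored value is emitted.
echo render_vulnerable($payload), PHP_EOL; // leading "> closes the attribute and tag
echo render_hardened($payload), PHP_EOL;   // quotes and angle brackets become entities
```

Encoding at output time is the control that still holds when a record was stored before validation existed or reaches the database by another path, so it belongs on every page that displays the borrower name.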