| Field | Value |
|---|---|
| Title | PHPGurukul Nipah Virus Testing Management System 1.0 Stored Cross Site Scripting |
| Source | https://github.com/dhabaleshwar/niv_testing_sxss/blob/main/exploit.md |
| User | dhabaleshwar (UID 58737) |
| Submitted | 30 Nov 2023 07:34 (3 years ago) |
| Moderation | 30 Nov 2023 14:10 (7 hours later) |
| Status | Accepted |
| VulDB Entry | 246445 [PHPGurukul Nipah Virus Testing Management System 1.0 add-phlebotomist.php empid/fullname Cross Site Scripting] |
| Points | 20 |

Description:

Bug Description:
A stored cross-site scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System 1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the "Employee Id" and "Full Name" fields.

Steps to Reproduce:
```
# Exploit Title: Stored cross-site scripting (XSS) vulnerability in PHPGurukul Nipah virus (NiV) – Testing Management System
# Date: 30-11-2023
# Exploit Author: dhabaleshwardas
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/nipah-virus-niv-testing-management-system-using-php-and-mysql/
# Version: 1.0
# Tested on: firefox/chrome/brave
# CVE :
```
To reproduce the attack:
1- First log in to the application, then head to the http://localhost/nipah-tms/add-phlebotomist.php endpoint.
2- Then click on "Add Phlebotomist" and put any random data in the "Employee Id", "Full Name" and "Mobile Number" parameters.
3- Then click on "Submit" and intercept the request. We then change the random values to XSS payloads: in the "empid" parameter we put "><script>alert(3)</script> and in the "fullname" parameter we put "><script>alert(document.cookie)</script>; the rest of the parameters we leave as they are.
4- We then forward the request. We see in the browser that the payloads got executed: first the payload in the "empid" parameter got executed, displaying a "3", and then the payload in the "fullname" parameter got executed, displaying the cookie in the popup.
5- Here, user input is directly embedded into the HTML content without proper sanitization or encoding. The strings "><script>alert(3)</script> and "><script>alert(document.cookie)</script> are rendered as part of the HTML, making it vulnerable to script injection.
6- Stored XSS is a high severity vulnerability, as attackers can steal sensitive information, such as login credentials, session tokens, or personal details, from users who unknowingly execute the malicious script. If a user with administrative privileges is affected, attackers can hijack their session, gaining unauthorized access to sensitive areas of a website or application.

Remediation:
1- Implement strict input validation on both the client and server sides. Validate and sanitize user input to ensure that it does not contain malicious code.
2- Encode user-generated content before rendering it in the browser. This helps to neutralize any malicious scripts and ensures that user input is treated as data, not executable code.
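The two remediation steps above, as an added PHP example that is not PHPGurukul's code: the parameter names empid and fullname come from the report, while the mobile parameter name, the accepted formats and the HTML contexts (an input value attribute and a table cell) are assumptions.

```php
<?php
// Added example (not PHPGurukul's code) for the add-phlebotomist.php form:
// allow-list validation on the server plus HTML encoding on output. Field
// names empid/fullname match the report; mobile and the formats are assumed.

// Encode for an HTML text node or a quoted attribute value. ENT_QUOTES matters:
// the reported payloads begin with "> to close an attribute, so " and ' must be
// encoded along with < and >.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Reject input that does not match an allow-list; returns the list of errors.
function validatePhlebotomist(array $post): array
{
    $errors   = [];
    $empid    = trim($post['empid'] ?? '');
    $fullname = trim($post['fullname'] ?? '');
    $mobile   = trim($post['mobile'] ?? '');
    if (!preg_match('/^[A-Za-z0-9-]{1,20}$/', $empid)) {
        $errors[] = 'empid: letters, digits and hyphens only (1-20 chars)';
    }
    if (!preg_match('/^[\p{L} .\'-]{1,100}$/u', $fullname)) {
        $errors[] = 'fullname: letters, spaces, dots, apostrophes, hyphens only';
    }
    if (!preg_match('/^[0-9]{10,15}$/', $mobile)) {
        $errors[] = 'mobile: 10-15 digits only';
    }
    return $errors;
}

// Constructed request carrying the payloads quoted in the report.
$post = [
    'empid'    => '"><script>alert(3)</script>',
    'fullname' => '"><script>alert(document.cookie)</script>',
    'mobile'   => '9999999999',
];

// Step 1: validation rejects the submission before anything is stored.
$errors = validatePhlebotomist($post);
if ($errors !== []) {
    echo 'rejected: ' . implode('; ', $errors), PHP_EOL;
}
// Step 2: rows stored before the fix still need encoding at render time. The
// quotes and angle brackets become entities, so no attribute is closed and no
// <script> element is created.
echo '<input type="text" name="empid" value="' . e($post['empid']) . '">', PHP_EOL;
echo '<td>' . e($post['fullname']) . '</td>', PHP_EOL;
```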