| Field | Value |
|---|---|
| Title | cross site scripting(xss) in http://localhost/php-sms/admin/?page=system_info of Sanitization Management System |
| Description | A vulnerability was found in SourceCodester Sanitization Management System; the issue affects some unknown processing in the upload feature of the banner images in admin/?page=system_info. The manipulation leads to cross site scripting via file upload. (Reproduction steps, impact and installation notes follow below.) |

Exploit reproduction steps:

1. Create a file on your device and name it `"><img src=x onerror=alert(document.domain)>.txt`
2. Log in to your account
3. Navigate to http://localhost/php-sms/admin/?page=system_info
4. Click on the Browse button of the banner images and upload the file you created

Impact:

The link can be created and sent to anyone to steal their session cookies, thereby gaining access to the account, which would lead to account takeover.

From inspection, the vulnerability is present in both the staff level account and the admin level account. Taking over the admin account via the XSS leads to session takeover.

How to reproduce app installation:

1. Go to Apachefriends.org
2. Download XAMPP for the OS you are using (Linux/Mac)
3. After the install we want to give the newly installed file execute privilege
4. So we use the command `chmod +x yourfilename.run` to make your RUN file executable
5. Run the file
6. Next we need to download the software we would be testing
7. Download - https://www.sourcecodester.com/download-code?nid=15770&title=Sanitization+Management+System+Project+in+PHP+and+MySQL+Free+Source+Code
8. I suppose our new download is in a zip file, so we want to extract the file
9. Copy the php-sms folder to the /opt/lampp/htdocs directory on your Linux machine
10. We run `ls` in the /opt/lampp/htdocs directory to make sure the php-sms folder is in there
11. Now we click on phpMyAdmin on the XAMPP homepage
12. If it does not run, go to the /usr/local/bin directory and create a symlink for lampp
13. That can be found here: https://smarttech101.com/how-to-install-and-manage-xampp-in-linux/#step_7_make_xampp_more_secure
14. Once it's now running, we create a database and name it sms_db, and click on the SQL
15. On your Linux machine, navigate to /opt/lampp/htdocs/php-sms/database, open the SQL file in there, copy the content, paste it into the SQL on the phpMyAdmin database you created, and submit the query
16. If it was successful, it would be green
17. Now we navigate to http://localhost/php-sms/ and log in with the default credentials username: admin, password: admin123
18. We can also see the software installation steps from here - https://www.youtube.com/watch?v=CkcshApZK-E&t=2s&ab_channel=SourceCodester

| Field | Value |
|---|---|
| User | urban (UID 35701) |
| Submission | 2022-11-14 01:40 PM (4 years ago) |
| Moderation | 2022-11-14 05:58 PM (4 hours later) |
| Status | Accepted |
| VulDB Entry | 213571 [SourceCodester Sanitization Management System Banner Image admin/?page=system_info Cross Site Scripting] |
| Points | 17 |
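The root cause described in the submission is a client-supplied filename being written into the admin page's HTML without escaping, so a name that closes an attribute becomes stored XSS. The following is an added example, not code from Sanitization Management System or from the submitter: it shows the vulnerable rendering pattern next to a hardened upload handler. The function names, the `uploads/` directory and the assumption that the banner name is echoed into an `<img>` tag are mine, not the project's.

```php
<?php
// Added example (not the project's code). Assumed (hypothetical) layout: the banner
// upload arrives with a client-controlled filename that is later echoed into <img src>.

// Vulnerable pattern: the original filename is trusted and concatenated into HTML.
// A name such as  "><img src=x onerror=alert(document.domain)>.txt  closes the src
// attribute and the tag, so the browser parses the rest as new markup.
function render_banner_vulnerable(string $originalName): string
{
    return '<img src="uploads/' . $originalName . '">';
}

// Hardened, step 1: never reuse the client-supplied name on disk or in HTML.
// Keep only a whitelisted image extension and pick a random server-side name.
function safe_storage_name(string $originalName, array $allowedExt = ['png', 'jpg', 'jpeg', 'gif', 'webp']): ?string
{
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return null; // reject anything that is not a banner image type
    }
    // The attacker's string never reaches the filesystem or the page.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Hardened, step 2: escape every value placed in HTML, including attribute context
// (ENT_QUOTES so both " and ' are encoded; ENT_SUBSTITUTE avoids dropping bad UTF-8).
function render_banner_safe(string $storedName, string $caption): string
{
    $src = htmlspecialchars('uploads/' . $storedName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $alt = htmlspecialchars($caption, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $src . '" alt="' . $alt . '">';
}

// Hardened, step 3: check the bytes, not just the extension, before accepting the upload.
function is_real_image(string $tmpPath): bool
{
    $info = @getimagesize($tmpPath);
    return $info !== false && in_array($info['mime'], ['image/png', 'image/jpeg', 'image/gif', 'image/webp'], true);
}

// Constructed demonstration input: the filename shape from the report.
$hostile = '"><img src=x onerror=alert(document.domain)>.txt';

// Unescaped rendering: the payload breaks out of the attribute.
echo render_banner_vulnerable($hostile), PHP_EOL;

// The hostile name is rejected by the extension whitelist (returns null),
// while a legitimate name yields a random server-chosen filename.
var_dump(safe_storage_name($hostile));
$stored = safe_storage_name('banner.png');

// Even if the original name is kept for display (e.g. as a caption), escaping
// turns the angle brackets and quotes into entities, so no tag is created.
echo render_banner_safe($stored, $hostile), PHP_EOL;
```

Run it with `php example.php` to compare the two `<img>` lines. For detection, a log search for upload filenames containing `<`, `>` or `"` is a cheap indicator that someone is probing this class of bug; as a further mitigation, a Content-Security-Policy without `unsafe-inline` stops the inline `onerror` handler from executing even if an escaping bug slips through.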