Submission #79427: Stored Cross-Site Scripting (XSS) vulnerability in PHPGURUKUL Bank Locker Management System 1.0 allows attackers to execute arbitrary code in the administrator's browser (Info)

Title: Stored Cross-Site Scripting (XSS) vulnerability in PHPGURUKUL Bank Locker Management System 1.0 allows attackers to execute arbitrary code in the administrator's browser
Description:

# DESCRIPTION
A Stored Cross-Site Scripting (XSS) vulnerability has been discovered in the PHPGURUKUL Bank Locker Management System 1.0. The vulnerability exists in the Assign Locker feature, where a user can inject a malicious XSS payload into their username when filling out the form. The payload is then stored on the server and subsequently displayed to other users without proper validation or sanitization. An attacker can exploit this vulnerability by tricking an administrator into editing the locker assignment of that same user, causing the XSS payload to execute in the administrator's browser. This can allow an attacker to steal sensitive information, perform actions on behalf of the administrator, or redirect the administrator to a malicious site.

# VULNERABILITY TYPE: Stored Cross-Site Scripting (XSS)
# VENDOR OF THE PRODUCT: PHPGURUKUL
# AFFECTED PRODUCT: Bank Locker Management System
# VERSION: 1.0
# ATTACK TYPE: Remote
# IMPACT: Code Execution
# AFFECTED COMPONENTS: Source code (add-locker-form.php)
# ATTACK VECTOR: Add Locker Form (ahname parameter)
# TESTED ON: Windows 11 + XAMPP

# REFERENCES
CWE-79: https://cwe.mitre.org/data/definitions/79.html

# PROOF OF CONCEPT
https://github.com/ctflearner/Vulnerability/blob/main/Bank_Locker_Management_System/BLMS_XSS_IN_ADMIN_BROWSER.md

# STEPS TO REPRODUCE
1. Navigate to `http://localhost/BLMS/banker/index.php` and log in as a normal user with your user credentials.
2. Navigate to the `Assign Locker` tab in the left panel and select `Add`.
3. You will be redirected to `http://localhost/BLMS/banker/add-locker-form.php`.
4. Fill in the form with default values, put any random number in the locker number and key number fields, and put the payload below in the `name` parameter.
5. Payload: `XSS-USER"><iMg SrC="x" oNeRRor="alert(document.domain);">`
6. After filling in the form and clicking the Submit button, log out of the user account and log in with the admin account credentials.
7. Navigate to the `Assign Locker` tab in the left panel and select `Manage`; you will be redirected to `http://localhost/BLMS/banker/manage-locker-form.php`.
8. Search for the user's locker number (my locker number is `889900`), then in the `Action` column click `Edit`; you will see that your XSS payload is executed.
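As an added defender-side illustration (not code from the PHPGURUKUL project; the function names and the rendering of the edit form are assumptions), the difference between echoing the stored account holder name raw into the edit form's `value` attribute and encoding it at output time:

```php
<?php
// Added example, not the project's own code. It shows why a stored name such as
// the one in this report breaks out of value="..." in the admin's edit form,
// and how output encoding keeps it inside the attribute.
declare(strict_types=1);

/** Encode a stored value for safe use inside an HTML attribute or text node. */
function h(string $value): string
{
    // ENT_QUOTES also encodes the double quote used to close the attribute early;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the stored name is interpolated raw into the markup. */
function renderNameFieldUnsafe(string $storedName): string
{
    return '<input type="text" name="ahname" value="' . $storedName . '">';
}

/** Hardened pattern: every dynamic value passes through h() at output time. */
function renderNameFieldSafe(string $storedName): string
{
    return '<input type="text" name="ahname" value="' . h($storedName) . '">';
}

// Constructed sample: a name carrying markup of the kind the report describes
// (a harmless tag here), stored as-is because the add form did not reject it.
$stored = 'XSS-USER"><b>injected</b>';

// Unsafe: the embedded quote closes the attribute and the tag that follows is
// parsed as real HTML by the administrator's browser.
echo renderNameFieldUnsafe($stored), PHP_EOL;

// Safe: quotes and angle brackets are entity-encoded, so the whole string stays
// inside the attribute and is shown to the administrator as plain text.
echo renderNameFieldSafe($stored), PHP_EOL;

// Defence in depth (assumed deployment choice): a restrictive CSP still blocks
// inline event handlers if an encoding call is missed somewhere else.
// header("Content-Security-Policy: default-src 'self'");
```

The same encoding must be applied everywhere the name is displayed, including the Manage list and any message or title that repeats it, since the finding is in the output path, not only in add-locker-form.php.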
Source: https://phpgurukul.com/bank-locker-management-system-using-php-and-mysql/
User: Affan (UID 39417)
Submitted: 2023-01-28 03:28 PM (3 years ago)
Moderation: 2023-01-28 11:23 PM (8 hours later)
Status: Accepted
VulDB Entry: 219717 [PHPGurukul Bank Locker Management System 1.0 Assign Locker add-locker-form.php ahname cross site scripting]
Points: 20
