CVE-2022-43144: GitHub - mudassiruddin/CVE-2022-43144-Stored-XSS: PoC to exploit CVE-2022-43144
CVE-2022-43144 : Stored-XSS
Description
A cross-site scripting (XSS) vulnerability in Canteen Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Impact
- An attacker can hijack the user's session and take over the account.
- To exploit this vulnerability, the victim must visit the page where the XSS payload is stored.
Affected application links
- https://www.sourcecodester.com/php/15688/canteen-management-system-project-source-code-php.html
- https://www.sourcecodester.com/download-code?nid=15688&title=Canteen+Management+System+Project+Source+Code+in+PHP+Free+Download
Proof of concept
Once the application is up and running, we can log in.
The application has an "Add Invoice" feature.
We can add an invoice and check that our entries are shown on the "Manage Invoice" page.
Let's add an invoice with special characters in the contact field.
The application does not perform any encoding of the special characters provided by the user before rendering them.
Let's analyze the source to understand how the application handles the provided data when displaying it.
It is clear that the application does not perform data validation and trusts user-supplied data, so we can submit the XSS payload shown below as input, which the application stores.
Let's also analyze the source to see whether any data validation is in place when storing the data.
The entry provided was added to the database.
The JavaScript payload executes when the "Manage Invoice" page is loaded, confirming that the application is vulnerable to stored XSS.
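The following PHP script is an added illustration and is not code from the Canteen Management System project or the payload used in the write-up above. It reproduces the pattern the proof of concept describes: a contact field is stored unchanged and then interpolated into the "Manage Invoice" HTML without output encoding, beside the corrected rendering. The function names, the in-memory array standing in for the invoice table and the sample payload are assumptions made for the example.

```php
<?php
// Added illustration of the stored XSS pattern described in the write-up.
// NOT the Canteen Management System's code: an in-memory array stands in
// for the invoice table, and the payload below is a constructed sample.

declare(strict_types=1);

// Constructed sample input: what an attacker submits in the contact field.
const ATTACKER_CONTACT = '<img src=x onerror="alert(document.cookie)">';

/** Stores an invoice row. Storing the raw string is not the bug by itself. */
function add_invoice(array &$table, string $customer, string $contact): void
{
    $table[] = ['customer' => $customer, 'contact' => $contact];
}

/** Vulnerable: stored fields are interpolated straight into the HTML. */
function render_invoices_vulnerable(array $table): string
{
    $html = "<table>\n";
    foreach ($table as $row) {
        $html .= "<tr><td>{$row['customer']}</td><td>{$row['contact']}</td></tr>\n";
    }
    return $html . "</table>\n";
}

/** Contextual output encoding for HTML text nodes and quoted attribute values. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Fixed: every user-controlled value is encoded at the point it is emitted. */
function render_invoices_fixed(array $table): string
{
    $html = "<table>\n";
    foreach ($table as $row) {
        $html .= '<tr><td>' . h($row['customer']) . '</td><td>' . h($row['contact']) . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

$invoices = [];
add_invoice($invoices, 'Alice', '+1 555 0100');        // benign entry
add_invoice($invoices, 'Mallory', ATTACKER_CONTACT);   // attacker's entry

echo "--- vulnerable manage-invoice page ---\n";
echo render_invoices_vulnerable($invoices);
echo "--- fixed manage-invoice page ---\n";
echo render_invoices_fixed($invoices);

// Check a tester can reuse: the raw payload must survive only in the vulnerable output.
if (strpos(render_invoices_vulnerable($invoices), ATTACKER_CONTACT) === false) {
    fwrite(STDERR, "unexpected: vulnerable render did not reflect the payload\n");
    exit(1);
}
if (strpos(render_invoices_fixed($invoices), ATTACKER_CONTACT) !== false) {
    fwrite(STDERR, "encoding failed: payload reached the page unencoded\n");
    exit(1);
}
echo "ok: payload is neutralised by output encoding\n";
```

Run it with `php` from the command line. In the vulnerable output the `onerror` handler is emitted verbatim, so a browser rendering that page would execute it for whoever views the invoice list; in the fixed output `<`, `>` and `"` arrive as `&lt;`, `&gt;` and `&quot;` and the browser shows the text instead of running it. The fix that matters is encoding at render time for the context the value lands in; rejecting special characters on input is at most defence in depth, since the same stored value may later be emitted in other contexts.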