CVE-2022-36637: Vulnerability of Garage Management System 1.0
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php.
About one week ago, author mayurik released Garage Management System 1.0 on https://sourcecodester.com. The web application has a lot of vulnerabilities, so let’s take a look at some of them.
Vendor Homepage: https://www.sourcecodester.com/users/mayurik
Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
Version: 1.0
Test Environment: Ubuntu 22.04 + Apache2
Sample Vulnerability 1:
Vulnerability: Persistent Cross-site Scripting
Component: Parameter “brand_name” in /brand.php
Credits: Russell Shen
Cause: There is no user input sanitization on parameter “brand_name”.
Simple PoC:
Screenshot of Exploitation:
Sample Vulnerability 2:
Vulnerability: SQL Injection
Component: Parameter “id” in /print.php
Credits: Russell Shen
Cause: There is no user input sanitization on parameter “id”.
Simple PoC:
http://hostname:port/garage/print.php?id=1 '[SQL Query]
Screenshot of Exploitation:
Sample Vulnerability 3:
Vulnerability: Persistent Cross-site Scripting
Component: Parameter “name” in /client.php
Credits: Chengcheng Tian, Russell Shen
Cause: There is no user input sanitization on parameter “name”.
Simple PoC:
Screenshot of Exploitation:
Sample Vulnerability 4:
Vulnerability: Bad Access Control
Component: Parameter “brand_name” in /brand.php
Credits: Chengcheng Tian, Russell Shen
Cause: /print.php does not verify authentication and authorization.
Simple PoC:
Access http://hostname:port/print.php?id=2
Screenshot of Exploitation:
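The causes listed above (no input sanitization on "id" and "brand_name", no authentication check in /print.php) map to four server-side controls. The following is an added example, not the application's own code: a hardened print.php-style handler in which the database credentials, the "brands" table and its columns, and the "user_id" session key are assumptions made for illustration.

```php
<?php
// Hardened sketch of a print.php-style handler (added example, not the
// application's source). DB credentials, the "brands" table, its columns
// and the "user_id" session key are assumptions for illustration.
declare(strict_types=1);
session_start();

// 1. Access control: refuse the request unless a login session exists.
if (empty($_SESSION['user_id'])) {
    http_response_code(401);
    exit('Authentication required');
}

// 2. Input validation: "id" must be a positive integer, nothing else.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid id');
}

// 3. Parameterized query: the value is bound, never concatenated into SQL.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli('localhost', 'garage_user', 'CHANGE_ME', 'garage');
$stmt = $db->prepare('SELECT brand_name FROM brands WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc();

if ($row === null) {
    http_response_code(404);
    exit('Not found');
}

// 4. Output encoding: stored values such as brand_name are escaped at render
//    time, so markup saved earlier is displayed as text, not executed.
echo '<td>'
   . htmlspecialchars($row['brand_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
   . '</td>';
```

Step 1 only checks that a session exists; a per-role or per-record authorization check would follow it in an application that distinguishes user privileges.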