User Management System 2.0 Cross Site Scripting – Digitalmunition





Published on April 23rd, 2020


# Exploit Title: User Management System 2.0 – Persistent Cross-Site Scripting
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/
# Version: v2.0
# Tested on: Xampp
# Credit: İsmail BOZKURT

---- Details:

1- Vulnerable code is here:

User registration information is inserted into the DB without filtering.

if(isset($_POST['signup']))
{
    $fname=$_POST['fname'];
    $lname=$_POST['lname'];
    $email=$_POST['email'];
    $password=$_POST['password'];
    $contact=$_POST['contact'];
    $enc_password=$password;
    $msg=mysqli_query($con,"insert into
users(fname,lname,email,password,contactno)
values('$fname','$lname','$email','$enc_password','$contact')");
    if($msg)
    {
        echo "";
    }
}

2- In the admin dashboard:

Get fullName from the DB and print it without any filtering.

<?php $ret=mysqli_query($con,"select * from users");
$cnt=1;
while($row=mysqli_fetch_array($ret))
{?>
<?php echo $cnt;?>
<?php echo $row['fname'];?>
<?php echo $row['lname'];?>
<?php echo $row['email'];?>
<?php echo $row['contactno'];?>
<?php echo $row['posting_date'];?>
<?php } ?>

4- If we insert the value of “fname” as “script>prompt(1)”, we can
perform this attack as a “Stored XSS”.
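
Hardened counterparts of the two snippets above, as an added example that is not part of the original advisory or the vendor's code: the insert uses bound parameters and the dashboard row encodes every field at output time. The table and column names come from the advisory; the function names, the `<tr>`/`<td>` markup, the use of `password_hash()` and the sample row are assumptions made for illustration.

```php
<?php
// Added example, not the vendor's code. Table and column names are from the
// advisory; function names and the <tr>/<td> markup are assumptions.

// Encode a value for an HTML text or quoted-attribute context.
function e($value): string
{
    return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 1 hardened: bound parameters keep input out of the SQL text.
// Names are stored as submitted; encoding is applied where they are printed.
function register_user(mysqli $con, array $post): bool
{
    $stmt = mysqli_prepare($con,
        'insert into users(fname,lname,email,password,contactno) values(?,?,?,?,?)');
    if ($stmt === false) {
        return false;
    }
    $vals = [];
    foreach (['fname', 'lname', 'email', 'password', 'contact'] as $key) {
        $vals[] = (string)($post[$key] ?? '');
    }
    // Assumption: the login code is changed to use password_verify().
    $vals[3] = password_hash($vals[3], PASSWORD_DEFAULT);
    mysqli_stmt_bind_param($stmt, 'sssss', ...$vals);
    return mysqli_stmt_execute($stmt);
}

// Step 2 hardened: every database field is encoded before it reaches the page.
function render_user_row(array $row, int $cnt): string
{
    $cells = [$cnt, $row['fname'], $row['lname'], $row['email'],
              $row['contactno'], $row['posting_date']];
    return '<tr><td>' . implode('</td><td>', array_map('e', $cells)) . "</td></tr>\n";
}

// Constructed sample row (not from the advisory): markup in fname is inert.
$row = ['fname' => '<i>Ada</i>', 'lname' => 'O\'Neil & Co', 'email' => 'ada@example.test',
        'contactno' => '5550100', 'posting_date' => '2020-04-23 10:00:00'];
echo render_user_row($row, 1);
```

Encoding at output rather than at insert time means rows that were stored before the fix are also rendered inert.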
