Stored XSS Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9-[CVE-2018-7469]
[+] Credits: Neeraj Kumar
Vendor:
====================
https://www.phpscriptsmall.com/
Product:
===================
Entrepreneur Job Portal Script 2.0.9
Link to access the Product:
=====================
https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/
Vulnerability Type:
==========================
Cross site scripting - Stored XSS
CVE Reference:
==============
CVE-2018-7469
Vulnerability Details:
======================
PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 is vulnerable to stored XSS in the "Industry Type" function under 'Manage Site'. In the Industry Type section the application does not sanitize user-supplied input and renders injected JavaScript code in users' browsers. The injection also affects the user page. An attacker can use this vulnerability to inject malicious JavaScript code in order to hijack user sessions, perform malicious redirects, deface web sites, insert hostile content, redirect users, hijack the user's browser using malware, etc.
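The flaw class described above and its fix, as an added PHP example. This is not the vendor's code, which the advisory does not show. The function names, the table-cell markup and the allow-list rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample: a stored "Industry Type" name as it would sit in the
// database after being submitted through the p_name parameter.
$storedName = '<script>alert("document.cookie")</script>';

// Vulnerable pattern (hypothetical): the stored value is concatenated into
// HTML unchanged, so the browser parses it as markup on every page view.
function renderUnsafe(string $name): string
{
    return '<td>' . $name . '</td>';
}

// Hardened pattern: encode at output time for the HTML body context.
// ENT_QUOTES also covers attribute contexts; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function renderSafe(string $name): string
{
    return '<td>' . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</td>';
}

// Defence in depth on the write path: accept only what a category name
// plausibly needs (assumed rule: letters, digits, spaces, a little
// punctuation, 1 to 64 characters). Returns null when the value is rejected.
function validateCategoryName(string $name): ?string
{
    $name = trim($name);
    if (preg_match('/^[\p{L}\p{N} &\/.,()\-]{1,64}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

echo renderUnsafe($storedName), PHP_EOL;   // markup reaches the browser as-is
echo renderSafe($storedName), PHP_EOL;     // markup is shown as inert text
var_dump(validateCategoryName($storedName));
var_dump(validateCategoryName('Information Technology'));
```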
XSS Exploit code(s):
====================
<script>alert("document.cookie")</script>
Affected Component:
====================
Field Name: Edit Category Name
Parameter Name: p_name
Proof-of-Concept:
====================
1. Log in to the admin site.
2. Go to "Categories - Industry Type".
3. Put <script>alert("document.cookie")</script> in the Edit Category Name field and save it.
4. Access the below pages:
Admin login- (Use below link to inject the XSS payload)
http://freelancewebdesignerchennai.com/demo/job-portal/admin/categories_industry.php?action=edit&id=52.
5. You will get the "cookie value" pop-up by accessing the links below.
a. Admin login-
http://freelancewebdesignerchennai.com/demo/job-portal/admin/categories_industry.php
b. Normal User Login-
http://freelancewebdesignerchennai.com/demo/job-portal/
Figure (a): Stored XSS on Admin Portal
=====================
Mitre Notification: February 25, 2018
Public Disclosure: February 28, 2018
Attack Type:
=======================
Remote
Impact Code execution:
=======================
True
Impact Information Disclosure:
=======================
True
Description:
=====================================================
Request Method(s): [+] POST
Vulnerable Product: [+] PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9
Vulnerable Parameter(s): [+] p_name
References:
=====================================================
https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)
[+] Disclaimer:
=====================================================
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).