Lucene search

K
packetstormRohit BurkePACKETSTORM:162631
HistoryMay 19, 2021 - 12:00 a.m.

COVID19 Testing Management System 1.0 Cross Site Scripting

2021-05-1900:00:00
Rohit Burke
packetstormsecurity.com
146
cross site scripting
admin profile
xss payload
input validation
cookie theft
vulnerable parameter
reproduction steps
phpgurukul
`# Exploit Title: COVID19 Testing Management System 1.0 - 'Admin name' Cross-Site Scripting (XSS)  
# Date: 19/05/2021  
# Exploit Author: Rohit Burke  
# Vendor Homepage: https://phpgurukul.com  
# Software Link: https://phpgurukul.com/covid19-testing-management-system-using-php-and-mysql/  
# Version: 1.0  
# Tested on: Windows 10  
  
==> Stored Cross-Site Scripting XSS:  
An attacker uses Stored XSS to inject malicious content (referred to as  
the payload), most often JavaScript code, into the target application. If  
there is no input validation, this malicious code is permanently stored  
(persisted) by the target application, for example within a database. For  
example, an attacker may enter a malicious script into a user input field  
such as a blog comment field or in a forum post.  
When a victim opens the affected web page in a browser, the XSS attack  
payload is served to the victim’s browser as part of the HTML code (just  
like a legitimate comment would). This means that victims will end up  
executing the malicious script once the page is viewed in their browser.  
  
==> Attack Vendor:  
This vulnerability can results attacker injecting the XSS payload in the  
Admin profile section and each time admin visits the all other sections of  
the application the XSS triggers and the attacker can able to steal the  
cookie according to the crafted payload.  
  
==> Vulnerable Parameters:  
"Admin name" parameter  
  
==> Steps for reproduce:  
  
1) Go to http://localhost/covid-tms/login.php  
and logged In as an Admin (#Username: admin #Password: Test@123).  
  
2) Click on (Admin --> Profile). Enter the payload in  
Admin name = <script>alert(1337)</script>   
Click on submit.  
  
3) Now, whichever section of the application admin visits the payload gets executed successfully.  
`