
Multiple XSS in the application, request to open a CVE #263

Closed
3v1lC0d3 opened this issue Jun 25, 2024 · 3 comments

Comments

@3v1lC0d3

Hello, I've found multiple XSS in the application that allow an attacker to steal the administrator session. On the one hand, this vulnerability represents a high risk to the customers and users, because a malicious user could decrease the price of an item; on the other hand, it could lead to a denial of service.

Please contact me to give you a complete report.


@kirilkirkov
Owner

Hello @3v1lC0d3
Can you share the report of the vulnerabilities here and I will fix all of these problems, or make a pull request with the fixes and I will merge them. Thank you!

@3v1lC0d3
Author

3v1lC0d3 commented Jul 1, 2024

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

CVSS 3.0 vector: `CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:H/MI:H/MA:H`
Severity: High - 8.8

Impact: An attacker could steal the cookie of an admin by injecting JavaScript code due to improper sanitization. Once done, it is possible to modify prices, the existence of products, and more. This could lead to a direct impact on the confidentiality and economy of the business.

This can lead to various security issues, including:

  • Stealing of session cookies
  • Defacement of web content
  • Redirection to malicious sites
  • Execution of arbitrary code in the user's browser

During the application's inspection, many XSS vulnerabilities were found. The report of those vulnerabilities is shown below. I started looking for vulnerabilities because, although there is no payment for finding vulnerabilities, I think it is really important to help others enhance their security.

An XSS (Cross-Site Scripting) vulnerability was identified in the search_title parameter of the web application. This vulnerability allows an attacker to inject arbitrary JavaScript code, which can be executed in the context of the user's browser.

Proof of Concept:
The following payload was used to demonstrate the vulnerability:

```
"/<script><script>alert(1)</script>/"
```

```
http://localhost/ecomerce/admin/products?search_title=%22%2F%3Cscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%2F%22
```

Steps to Reproduce:

  1. Navigate to the affected URL and locate the search_title parameter.
  2. Inject the payload `/<script><script>alert(1)</script>/` into the search_title parameter.
  3. Upon submitting the input, a pop-up alert displaying the number 1 is shown, confirming the execution of injected JavaScript code.

In the same way a XSS (Cross-Site Scripting) vulnerability was identified in the product name parameter of the web application.

Proof of Concept:
The following payload was used to demonstrate the vulnerability:

```
<script>alert(document.cookie)</script>
```

Steps to Reproduce:

  1. Navigate to the affected URL (http://localhost/ecomerce/vendor/add/product) and locate the product name parameter.
  2. Inject the payload `<script>alert(document.cookie)</script>` into the product name.
  3. Upon submitting the input, a pop-up alert displaying the stored cookie is shown, confirming the execution of injected JavaScript code.

Similarly, the same vulnerability was identified in the name of a category parameter of the web application.

Proof of Concept:
The following payload was used to demonstrate the vulnerability:

```
<script>alert("category")</script>
```

Steps to Reproduce:

  1. Navigate to the affected URL (http://localhost/ecomerce/admin/shopcategories) and locate the name of a category parameter.
  2. Inject the payload `<script>alert("category")</script>` into the name of a category parameter.
  3. Upon submitting the input, a pop-up alert displaying the word category is shown, confirming the execution of injected JavaScript code.

This XSS was different because the JavaScript code is executed for the customer.

Recommendation:
To mitigate this vulnerability, it is recommended to implement proper input validation and output encoding. Specifically:

  • Validate and sanitize all user inputs.
  • Encode output data to ensure that special characters are properly handled.
  • Utilize security libraries or frameworks that provide built-in protection against XSS.

References:
https://owasp.org/www-community/attacks/xss/
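Worked example of the recommended fix, added here as an illustration; it is not code from the project or from the report above. It is written in JavaScript so it can run stand-alone; the fragment layouts (`value="..."` for the search box, `<h2>` for a product or category name), the function names, and the single-pass `stripScriptOnce` filter are assumptions for the demonstration, not the application's code. It renders the three payloads quoted in the report first with raw interpolation and then through a contextual HTML encoder, and shows why a one-pass tag-stripping filter is not a substitute for encoding: the doubled `<script><script>` in the first payload survives one removal and still yields a working tag.

```javascript
// Added example (not the project's or the reporter's code): output encoding
// as the fix for the stored and reflected XSS described in the report.
// Assumptions: values arrive as strings from the request or the database;
// the HTML fragments and function names below are constructed for this demo.

// Encode for an HTML text node or a double-quoted attribute value.
// Every character that can open or close markup is replaced by its entity;
// the double quote matters because the search_title payload starts with one
// to break out of value="...".
function escapeHtml(input) {
  return String(input).replace(/[&<>"'`]/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  })[c]);
}

// Hypothetical blacklist "sanitizer": one pass of tag removal. This is the
// usual reason a tester doubles the tag as in the first payload.
function stripScriptOnce(input) {
  return String(input).replace(/<script>/i, "");
}

// Reflected case: the search box echoes search_title into an attribute.
function renderSearchVulnerable(searchTitle) {
  return `<input name="search_title" value="${searchTitle}">`;
}
function renderSearchFixed(searchTitle) {
  return `<input name="search_title" value="${escapeHtml(searchTitle)}">`;
}

// Stored case: a product or category name echoed into a text node.
function renderNameVulnerable(name) {
  return `<h2>${name}</h2>`;
}
function renderNameFixed(name) {
  return `<h2>${escapeHtml(name)}</h2>`;
}

// Check used below: does the fragment still contain a real <script> tag?
// A string test, not an HTML parser; sufficient for the payloads in the report.
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// The three payloads quoted in the report (constructed inputs).
const PAYLOADS = {
  search_title: '"/<script><script>alert(1)</script>/"',
  product_name: "<script>alert(document.cookie)</script>",
  category_name: '<script>alert("category")</script>',
};

// Returns, for each rendering, whether executable script survives.
function demo() {
  return {
    vulnSearch: containsScriptTag(renderSearchVulnerable(PAYLOADS.search_title)),
    fixedSearch: containsScriptTag(renderSearchFixed(PAYLOADS.search_title)),
    strippedOnce: containsScriptTag(stripScriptOnce(PAYLOADS.search_title)),
    vulnName: containsScriptTag(renderNameVulnerable(PAYLOADS.product_name)),
    fixedName: containsScriptTag(renderNameFixed(PAYLOADS.product_name)),
    fixedCategory: containsScriptTag(renderNameFixed(PAYLOADS.category_name)),
  };
}

console.log(demo());
```

`escapeHtml` is correct only for HTML text nodes and double-quoted attribute values; a value placed inside a JavaScript string, a URL, or a CSS property needs the encoder for that context. Encoding belongs at output time in the template, not at input time, so that the stored product or category name stays intact in the database while every page that displays it is safe; in PHP the equivalent call is `htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8')`. Input validation (length, allowed character set) is still worth adding on top, but it is the encoding step that closes the three findings above.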

@kirilkirkov
Owner

@3v1lC0d3 All vulnerabilities fixed with this commit - 1b3da45
