Vendor: Bus Pass Management System
Reported by: Emre Aslan
CVSS: 8.8 (HIGH)
CWE: 79 (Stored Cross-Site Scripting (XSS))
Product Name: Bus Pass Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:phpgurukul:bus_pass_management_system
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 11 - XAMPP Server
Year: 2021
Bus Pass Management System 1.0 – ‘adminname’ Stored Cross-Site Scripting (XSS)
Bus Pass Management System 1.0 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject malicious payloads into the 'adminname' POST parameter of the /admin/admin-profile.php page. Because the value is stored and later rendered without encoding, this can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of the affected site. To exploit this vulnerability, an attacker must have valid credentials to log in to the dashboard and set the 'adminname' parameter to the malicious payload.
Mitigation:
Input validation should be used to prevent the injection of malicious HTML and script code. The application should also validate the 'adminname' value against a whitelist of accepted inputs, rejecting anything outside it rather than attempting to strip dangerous characters.
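The following PHP is an added example of the mitigation above, not code from the Bus Pass Management System or its author. It applies a whitelist (allowlist) pattern to the 'adminname' POST parameter before storing it and, as the standard complement, HTML-encodes the stored value when it is rendered back into the profile page. The function names, the table and column names, the $pdo connection and the session-derived $adminId are all assumptions for illustration.

```php
<?php
// Added hardening example for the 'adminname' profile field.
// NOT the Bus Pass Management System's own code: function, table and column
// names, the $pdo connection and $adminId are assumed for illustration.

declare(strict_types=1);

// Allowlist for a display name: letters, digits, space, dot, apostrophe,
// hyphen; 2 to 50 characters. Anything else (<, >, ", &, /, ...) is rejected.
const ADMINNAME_PATTERN = '/^[\p{L}\p{N} .\'-]{2,50}$/u';

/** Returns the trimmed name if it matches the allowlist, otherwise null. */
function validateAdminName(string $raw): ?string
{
    $name = trim($raw);
    if ($name === '' || preg_match(ADMINNAME_PATTERN, $name) !== 1) {
        return null; // reject instead of trying to sanitise
    }
    return $name;
}

/** HTML-encodes a value for insertion into an HTML body or attribute. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Handles the profile update POST. Assumed: $pdo is a PDO connection and
 * $adminId comes from the authenticated session. Invalid input is not stored.
 */
function updateAdminProfile(PDO $pdo, int $adminId, array $post): bool
{
    $name = validateAdminName((string)($post['adminname'] ?? ''));
    if ($name === null) {
        return false; // caller renders a validation error
    }
    // Assumed table/column names; a prepared statement also avoids SQL injection.
    $stmt = $pdo->prepare('UPDATE tbladmin SET AdminName = :name WHERE ID = :id');
    return $stmt->execute([':name' => $name, ':id' => $adminId]);
}

/** Renders the stored name back into the form; encoding happens on output. */
function renderAdminNameField(string $storedName): string
{
    return '<input type="text" name="adminname" value="' . e($storedName) . '">';
}

// Demonstration with constructed inputs (no database needed for these calls).
var_dump(validateAdminName("Jane O'Brien"));
var_dump(validateAdminName('Jane <b>Doe</b>'));
echo renderAdminNameField('Jane <b>Doe</b>'), "\n";
```

Validation on input and encoding on output are applied independently: even if a value bypasses the allowlist (for example through a legacy record already in the database), htmlspecialchars() with ENT_QUOTES ensures it cannot break out of the attribute when the profile page is rendered.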