Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)

vendor:

Library System in PHP

by:

Akash Rajendra Patil

8.8

CVSS

HIGH

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Library System in PHP

Affected Version From: V 1.0

Affected Version To: V 1.0

Patch Exists: NO

Related CWE:

CPE: a:yahoobaba:library_system_in_php

Metasploit:

Other Scripts:

Platforms Tested: WAMPP

2021

Library System in PHP 1.0 – ‘publisher name’ Stored Cross-Site Scripting (XSS)

Library System in PHP V1.0 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitisation. An attacker can exploit this vulnerability by entering a malicious payload in the publisher field and clicking on Save. The payload will be stored in the database and executed when the page is loaded.

Mitigation:

Input validation should be used to ensure that user supplied data is properly sanitized before being stored in the database.

Source

Exploit-DB raw data:

# Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 03-OCT-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php
# Software Link: https://www.yahoobaba.net/project/library-system-in-php
# Version: V 1.0
# Tested on: WAMPP
# Description #

Library System in PHP V1.0 is vulnerable to stored cross site scripting because of insufficient user supplied data sanitisation.

# Proof of Concept (PoC) :
#Exploit:
1) Goto: http://localhost/library-system/dashboard.php
2) Login as admin using test credentials: admin/admin
3) Goto: http://localhost/library-system/update-publisher.php?pid=12
4) Enter the following payload in the publisher field: <script>alert(document.cookie)</script>
5) Click on Save
6) Our payload is fired and stored