Vendor: Hostel Management System
By: Kokn3t
CVSS: 5.4 (MEDIUM)
Vulnerability Type: Cross-Site Scripting (XSS)
CWE: 79
Product Name: Hostel Management System
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: YES
Related CVE: CVE-2020-25270
CPE: 2.3:a:phpgurukul:hostel_management_system:2.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10, Kali 2020.1
2020
PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, City
PHPGurukul hostel-management-system 2.1 is vulnerable to stored Cross-Site Scripting (XSS) via the Guardian Name, Guardian Relation, Guardian Contact no, Address, and City fields of the hostel booking form. An attacker can submit JavaScript in these fields when booking a hostel; the payload is stored with the booking and executes in the administrator's browser when the admin views the student's record. This can be used to steal the admin's session or other data, or to perform actions in the admin's context.
Mitigation:
Input validation should be applied to these fields to reject unexpected content, and the stored values should be HTML-encoded when rendered in the admin view so that injected markup is displayed as text rather than executed. Additionally, the application should be configured to send a Content Security Policy (CSP) as a defense-in-depth measure to limit the execution of injected script.