Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-import-export-lite domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the insert-headers-and-footers domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121

Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6121
Complaint Management System 4.2 - Persistent Cross-Site Scripting - exploit.company
header-logo
Suggest Exploit
vendor:
Complaint Management System
by:
Besim ALTINOK
7.5
CVSS
HIGH
Persistent Cross-Site Scripting
79
CWE
Product Name: Complaint Management System
Affected Version From: 4.2
Affected Version To: 4.2
Patch Exists: NO
Related CWE:
CPE: a:phpgurukul:complaint_management_system:4.2
Metasploit:
Other Scripts:
Platforms Tested: Xampp

Complaint Management System 4.2 – Persistent Cross-Site Scripting

The Complaint Management System 4.2 allows for persistent cross-site scripting (XSS) attacks. The vulnerability exists in the user registration functionality and in the admin dashboard where the fullName field is not properly filtered. An attacker can insert malicious code into the fullName field, which will be executed when displayed on the admin dashboard.

Mitigation:

To mitigate this vulnerability, input validation and output encoding should be implemented. All user-supplied data should be properly sanitized and filtered to prevent the execution of malicious code.
Source

Exploit-DB raw data:

# Exploit Title: Complaint Management System 4.2 - Persistent Cross-Site Scripting
# Author: Besim ALTINOK
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/complaint-management-sytem/
# Version: v4.2
# Tested on: Xampp
# Credit: İsmail BOZKURT

------ Details:

1- Vulnerable code is here: http://localhost/cms/users/registration.php
2- Vulnerable code:

Insert user registration information to the DB without filtering.

if(isset($_POST['submit']))
{
$fullname=$_POST['fullname'];
$email=$_POST['email'];
$password=md5($_POST['password']);
$contactno=$_POST['contactno'];
$status=1;
$query=mysqli_query($con,"insert into
users(fullName,userEmail,password,contactNo,status)
values('$fullname','$email','$password','$contactno','$status')");
$msg="Registration successfull. Now You can login !";
}
?>

3- In the admin dashboard:

Get fullName from DB and print it without any filtering

<tr>
<td colspan="2"><b><?php echo $row['fullName'];?>'s profile</b></td>
</tr>

4- If we insert "fullName" as "script>prompt(2)</script>", we can perform
this attack as "Stored XSS"

5- Picture in the Attachemnt
---------------------------------------------------

Navigation

Suggest Exploit

Services By CQR

cqrsecured