vendor: Loan Management System
by: Akıner Kısa
CVSS: 8.8 HIGH
Cross Site Scripting (Stored)
CWE: 79
Product Name: Loan Management System
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:sourcecodester:loan_management_system:1.0
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: XAMPP
2020
Loan Management System 1.0 – Multiple Cross Site Scripting (Stored)
Loan Management System 1.0 is vulnerable to multiple Cross Site Scripting (Stored) attacks. An attacker can inject malicious JavaScript code into the vulnerable pages through the edit button in the action column on the right. The malicious code is then stored in the database and is executed when the page is loaded. This can lead to the theft of sensitive information such as session cookies and other credentials.
Mitigation:
Input validation should be used to prevent malicious code from being injected into the application. The application should also be configured to use a secure connection (HTTPS) to prevent the malicious code from being intercepted by an attacker.
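An added example, not code from Loan Management System or from the original advisory: a sketch of the input validation recommended above, paired with output encoding at render time so that values already stored in the database are also rendered inert. It assumes a PHP application (XAMPP is the tested platform); the field names `plan_name` and `months` and all helper functions are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical field names for an "edit" form; the advisory does not name them.
const RULES = [
    'plan_name' => '/^[\p{L}\p{N} .,\-]{1,64}$/u', // letters, digits, basic punctuation
    'months'    => '/^[0-9]{1,3}$/',               // digits only
];

/** Allowlist validation: returns the cleaned row, or null when any field fails. */
function validate_edit(array $post): ?array
{
    $clean = [];
    foreach (RULES as $field => $pattern) {
        $value = $post[$field] ?? null;
        if (!is_string($value) || preg_match($pattern, trim($value)) !== 1) {
            return null; // reject the whole submission, store nothing
        }
        $clean[$field] = trim($value);
    }
    return $clean;
}

/** Encode at output time so markup in stored values is shown as text. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one table row; every database value passes through e(). */
function render_row(array $row): string
{
    return '<tr><td>' . e((string) $row['plan_name']) . '</td><td>'
         . e((string) $row['months']) . '</td></tr>';
}

// Constructed sample submissions, not taken from the advisory.
$samples = [
    ['plan_name' => 'Personal Loan', 'months' => '36'],
    ['plan_name' => '<script>alert(1)</script>', 'months' => '36'],
];
foreach ($samples as $post) {
    $row = validate_edit($post);
    echo $row === null ? "rejected\n" : 'accepted: ' . render_row($row) . "\n";
}

// A row stored before validation existed is neutralised by encoding alone.
echo render_row(['plan_name' => '<script>alert(1)</script>', 'months' => '12']), "\n";
```

In a real handler the validated values would be written with a parameterised query, and every template that prints database fields would call the encoding helper.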