Paulprinting cms multiple cross site web vulnerabilities Vulnerability / Exploit
/
/
/
Exploits / Vulnerability Discovered : 2023-07-20 |
Type : webapps |
Platform : php
This exploit / vulnerability Paulprinting cms multiple cross site web vulnerabilities is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
Exploit Title: PaulPrinting CMS - Multiple Cross Site Web Vulnerabilities
Vulnerability Laboratory ID (VL-ID):
====================================
2285
Common Vulnerability Scoring System:
====================================
5.8
Vulnerability Class:
====================
Cross Site Scripting - Persistent
Current Estimated Price:
========================
500€ - 1.000€
Product & Service Introduction:
===============================
PaulPrinting is designed feature rich, easy to use, search engine friendly, modern design and with a visually appealing interface.
(Copy of the Homepage:https://codecanyon.net/user/codepaul )
Abstract Advisory Information:
==============================
The vulnerability laboratory core research team discovered multiple persistent cross site vulnerabilities in the PaulPrinting (v2018) cms web-application.
Technical Details & Description:
================================
Multiple persistent input validation vulnerabilities has been discovered in the official PaulPrinting (v2018) cms web-application.
The vulnerability allows remote attackers to inject own malicious script codes with persistent attack vector to compromise browser
to web-application requests from the application-side.
The first vulnerability is located in the register module. Remote attackers are able to register user account with malicious script code.
After the registration to attacker provokes an execution of the malformed scripts on review of the settings or by user reviews of admins
in the backend (listing).
The second vulnerability is located in the delivery module. Remote attackers with low privileged user accounts are able to inject own
malicious script code to contact details. Thus allows to perform an execute on each interaction with users or by reviews of admins in
the backend (listing).
Successful exploitation of the vulnerability results in session hijacking, persistent phishing attacks, persistent external redirects to
malicious source and persistent manipulation of affected application modules.
Proof of Concept (PoC):
=======================
The persistent input validation web vulnerabilities can be exploited by remote attackers with low privileged user account and low user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.
Manual steps to reproduce the vulnerability ...
1. Open your browser and start a http session tamper
2. Register in the application by login click to register
3. Inject to the marked vulnerable input fields your test payload
4. Save the entry by submit via post method
5. Login to the account and preview the settings
Note: Administrators in the backend have the same wrong validated context that executes on preview of users
6. The script code executes on preview of the profile - settings
7. Successful reproduce of the first vulnerability!
8. Followup by opening the Delivery address module
9. Add a contact and add in the same vulnerable marked input fields your test payload
Note: T he script code executes on each review of the address in the backend or user frontend
10. Successful reproduce of the second vulnerability!