Simple college website 1.0 full stored cross site scripting Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2021-01-26 |
Type : webapps |
Platform : php
This exploit / vulnerability (Simple college website 1.0 full stored cross site scripting) is for educational purposes only; if you use it, you do so at your own risk!
Explanation:
The source of "/admin_pages/admission.php" file defines the following lines of code:
<?php
// Handler for the "Edit admission page" form; $conn is the mysqli connection opened earlier in the file.
if (isset($_POST['add']) && !empty($_POST['full'])) {
    // Raw POST body, taken as-is: no HTML encoding and no SQL escaping.
    $full = $_POST['full'];
    // The value is interpolated straight into the statement and stored verbatim.
    $query = mysqli_query($conn, "UPDATE `contents` SET `full_contents`='$full' WHERE `id`='2'");
    if ($query) {
        echo "<b style='color:white;'>Page changed..!</b>";
    } else if (!$query) {
        echo "<b style='color:white;'>Page is not changed..!</b>";
    }
}
which allows an authenticated administrator to modify the source code of the page.
Every change is then reflected to visitors, and because the user input is not sanitized or encoded on output, this leads to stored cross site scripting attacks.
An attacker may first try to gain access to the admin panel using an authentication-bypass SQL injection exploit.
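For comparison, the following is an added hardened version of the same update handler. It is not code from the advisory or from the Simple college website project; it assumes the same mysqli connection in $conn and the same `contents` table with `id` and `full_contents` columns, and the helper names save_full_contents and render_full_contents are chosen here for illustration. It addresses both defects visible in the snippet above: the value is bound as a prepared-statement parameter instead of being interpolated into the SQL string, and it is HTML-encoded when rendered so that stored markup is displayed as text rather than executed in other users' browsers.

```php
<?php
// Added example, not part of the original advisory or project.
// Assumes: $conn is an open mysqli connection, table `contents` has columns `id` and `full_contents`.

function save_full_contents(mysqli $conn, string $full, int $id = 2): bool
{
    // Bound parameters: the content is never spliced into the SQL text, so quotes
    // inside the editor value cannot change the statement.
    $stmt = $conn->prepare("UPDATE `contents` SET `full_contents` = ? WHERE `id` = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $full, $id);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function render_full_contents(string $stored): string
{
    // Output encoding: <, >, quotes and & become entities, so a stored
    // <script> tag is shown literally instead of running in the visitor's browser.
    return htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if (isset($_POST['add']) && !empty($_POST['full'])) {
    if (save_full_contents($conn, $_POST['full'])) {
        echo "<b style='color:white;'>Page changed..!</b>";
    } else {
        echo "<b style='color:white;'>Page is not changed..!</b>";
    }
}

// Wherever the public page prints the stored value (e.g. the admission page),
// pass it through render_full_contents() instead of echoing it raw:
// echo render_full_contents($row['full_contents']);
```

If the admin editor is intended to accept real HTML, plain encoding is too strict; in that case the stored value should be run through an HTML sanitizer with an allowlist of tags and attributes before being stored or rendered, and the database fix above still applies unchanged.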
Proof Of Concept:
The attacker is logged into the administrator panel and modifies the source code of the admission.php page to inject JavaScript code, as follows: