Zero Inventory Management System v1.0 Stored XSS Injection

2019.06.10
ru m0ze (RU) ru
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*! * ::- Title: Zero Inventory Management System v1.0 Stored XSS Injection * ::- Author: m0ze * ::- Date: 2019/06/10 * ::- Software: Zero Inventory Management System v1.0 */ ::- Details & Description -:: ~ Weak security measures like no input fields data filtering has been discovered in the «Zero Inventory Management System». Current version of this web-application is 1.0. ::- Demo Website -:: ~ https://codecanyon.net/item/zero-inventory-management-system/23875178 ~ Backend: http://zeroinfosys.com/inventory ~ Login & Password: doesn't matter, pick any credentials on the backend login page ::- Special Note -:: ~ Declared options of this item with price $50 is: «Highly Security provided» and «Injection protected». ::- PoC Links -:: ~ http://zeroinfosys.com/inventory/warehouse_manager ~ http://zeroinfosys.com/inventory/admin ~ http://zeroinfosys.com/inventory/showroom_manager/Categories ~ http://zeroinfosys.com/inventory/showroom_manager/Expense ::- PoC [Stored XSS Injection] -:: ~ Go to the demo website http://zeroinfosys.com/inventory and log in with provided credentials. Then go to any page you want and add a new data or edit the existed. There is no input data filtering at all, so use any payload you want. ~ You can edit the users profile also, just delete the «disabled» attribute for any input field or text area and then save your changes. ~ Example #1: <span onmouseover="alert('m0ze')" style="font-size:88px;color:#ff003b;">m0ze</span> ~ Example #2: <img src="x" onerror="alert('m0ze');window.location='http://defcon.su/';">

References:

https://codecanyon.net/item/zero-inventory-management-system/23875178


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top