Gastro - Restaurant Extension for NexoPOS v2.3.34 Stored XSS Injection - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1579922 漏洞类型
发布时间 2019-04-23 更新时间 2019-04-23
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019040206
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[*] :: Title: Gastro - Restaurant Extension for NexoPOS v2.3.34 Stored XSS Injection
[*] :: Author: QUIXSS
[*] :: Date: 2019-04-23
[*] :: Software: Gastro - Restaurant Extension for NexoPOS v2.3.34
  
[?] :: Technical Details & Description:
# Weak security measures like bad input fields data filtering has been discovered in the «Gastro - Restaurant Extension for NexoPOS». Current version of this web-application is 2.3.34.

[?] :: Demo Website:
# https://codecanyon.net/item/gastro-restaurant-extension-for-nexopos/20242963
# Backend: http://tendoo.org/gastro/dashboard
# Login: admin, Password: 123456

[!] :: Special Note:
# Author of this web-application was warned twice about bad security measures. Nothing has changed.

[!] :: PoC Stored XSS Injections:
# http://tendoo.org/gastro/dashboard/users/profile
# http://tendoo.org/gastro/dashboard/nexo/orders

[+] :: PoC [Stored XSS Injection]:
# Authorize on the demo website for tests: http://tendoo.org/gastro/sign-in/ (login / password is admin / 123456). Then go to any page u want, f.e. http://tendoo.org/gastro/dashboard/users/profile and save your payload inside field «First Name» or «Last Name». Almost each input field is vulnerable for Stored XSS Injection.
# Sample payload: "><script>alert('QUIXSS')</script>