Stored XSS Vulnerability in PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9-[CVE-2018-7469]

[+] Credits: Neeraj Kumar
[+] Email: neeraj.iiita2009@gmail.com

Vendor:
====================
https://www.phpscriptsmall.com/

Product:
===================
Entrepreneur Job Portal Script 2.0.9

Link to access the Product:
=====================
https://www.phpscriptsmall.com/product/entrepreneur-job-portal-script/

Vulnerability Type:
==========================
Cross site scripting - Stored XSS

CVE Reference:
==============
CVE-2018-7469

Vulnerability Details:
======================
The PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 application is vulnerable to stored XSS in the "Industry Type" function under 'Manage Site'. The Industry Type section does not sanitize user-supplied input and renders injected JavaScript code in users' browsers. The injection also affects the user page. An attacker can use this vulnerability to inject malicious JavaScript code in order to hijack user sessions, perform malicious redirects, deface web sites, insert hostile content, hijack the user's browser using malware, etc.

XSS Exploit code(s):
====================
<script>alert("document.cookie")</script>

Affected Component:
====================
Field Name: Edit Category Name
Parameter Name: p_name

Proof-of-Concept:
====================
1. Log in to the admin site.
2. Go to "Categories - Industry Type".
3. Put <script>alert("document.cookie")</script> in the Edit Category Name field and save it.
4. Access the page below:
     Admin login (use the link below to inject the XSS payload):
        http://freelancewebdesignerchennai.com/demo/job-portal/admin/categories_industry.php?action=edit&id=52
5. You will get the "cookie value" pop-up by accessing the links below.
     a. Admin login:
        http://freelancewebdesignerchennai.com/demo/job-portal/admin/categories_industry.php
     b. Normal user login:
        http://freelancewebdesignerchennai.com/demo/job-portal/

Figure (a): Stored XSS on Admin Portal

Figure (b): Stored XSS on User Portal


Disclosure Timeline:
=====================
Mitre Notification: February 25, 2018
Public Disclosure: February 28, 2018

Attack Type:
=======================
Remote

Impact Code execution:
=======================
True

Impact Information Disclosure:
=======================
True

Description:
=====================================================
Request Method(s): [+] POST
Vulnerable Product: [+] PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9
Vulnerable Parameter(s): [+] p_name
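
Mitigation example (added here, not the vendor's code, which the advisory does not show): the unencoded rendering pattern described under Vulnerability Details next to a hardened form, plus allow-list validation of p_name on save. All function names, the HTML markup and the allow-list rule are assumptions for illustration; the sample input is constructed from the payload above.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the function names, markup and allow-list are
// assumptions for illustration, not taken from the product's source.

/** Validate a category name on save. Returns the trimmed name, or null if rejected. */
function validate_category_name(string $raw): ?string
{
    $name = trim($raw);
    // Allow-list: letters, digits, spaces and a little punctuation, 1-64 chars.
    // Angle brackets and quotes are not in the set, so markup is refused.
    if (preg_match('~\A[\p{L}\p{N} &/.,()\-]{1,64}\z~u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Vulnerable pattern: the stored value is concatenated into HTML as-is. */
function render_category_unsafe(string $stored): string
{
    return '<li class="category">' . $stored . '</li>';
}

/** Hardened pattern: encode for the HTML context at output time. */
function render_category_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<li class="category">' . $encoded . '</li>';
}

// Constructed sample request: the advisory's payload submitted in p_name.
$_POST['p_name'] = '<script>alert("document.cookie")</script>';
$submitted = (string) $_POST['p_name'];

// 1. Validation on save: the payload is refused, a normal name is accepted.
echo 'payload accepted on save:     ',
    var_export(validate_category_name($submitted) !== null, true), PHP_EOL;
echo 'normal name accepted on save: ',
    var_export(validate_category_name('Information Technology') !== null, true), PHP_EOL;

// 2. Output encoding: still required, because rows stored before the fix
//    (or written by another code path) reach both the admin and user pages.
echo 'unsafe render: ', render_category_unsafe($submitted), PHP_EOL;
echo 'safe render:   ', render_category_safe($submitted), PHP_EOL;
```

Encoding at output is the control that protects both the admin and the user page; the save-time validation only reduces what can be stored in the first place.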

References:
=====================================================
https://www.owasp.org/index.php/Top_10-2017_A7-Cross-Site_Scripting_(XSS)

[+] Disclaimer:
=====================================================
The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. All content (c).
