Hi All,
I am Maloy Roy Orko
Recently, during one of my pentest research sessions, I found Simple-User-Management-System-with-PHP-MySQL by Nababur, an open source Simple User Management System for managing the users of a company or organization.
Curious to explore its functionality, I downloaded it and set it up on my local system.
After going through the source code, I found that it did not have any kind of input validation on the Name and Username fields in the register.php file.
It can lead to:
- Session Hijacking
- Data Theft
- Defacement
- Malware Distribution
- Phishing Attacks
- Denial of Service
- Spread of Malicious Content
The main thing is, if any non-IT person uses this template, they will be exposed to this vulnerability and their company's reputation can be damaged too. That's why I am trying to inform everyone about this.
Title of the Vulnerability:
Simple-User-Management-System V 1.0 | Name, Username - register.php | Stored Cross Site Scripting(XSS) | Found By Maloy Roy Orko
Vulnerability Class: Stored Cross Site Scripting
Product Name: Simple-User-Management-System-with-PHP-MySQL
Vendor: https://github.com/nababur/
Vulnerable Product Link: https://github.com/nababur/Simple-User-Management-System-with-PHP-MySQL
Technical Details & Description: The Name and Username values submitted to register.php are stored without validation and are later rendered on /index.php without HTML output encoding, so any HTML or JavaScript supplied at registration time is parsed and executed by the browser of every user who views that page. This is a Stored Cross Site Scripting vulnerability. It can lead to:
- Session Hijacking
- Data Theft
- Defacement
- Malware Distribution
- Phishing Attacks
- Denial of Service
- Spread of Malicious Content
Product & Service Introduction: Simple-User-Management-System-with-PHP-MySQL, an open source PHP/MySQL application for managing the users of a company or organization (https://github.com/nababur/Simple-User-Management-System-with-PHP-MySQL).
Observation & Exploitation:
Here, the vulnerable file is: register.php
Here, the impact is shown in:
/index.php
Who is affected by this XSS attack?
-> The administrator and other users while logged in, i.e. anyone whose browser renders the stored Name or Username on /index.php.
Let's exploit 🌠🗝️🔐:
First, go to register.php
Example: 192.168.0.100:8080/user/register.php
Now, sign up using XSS payloads in the sign-up fields (Name, Username).
Here, I am entering XSS payloads in the Name and Username fields.
The payloads are entered like this (see the image):
Name: <script>alert("XSS Found By Maloy");</script>
Username: <script>alert("xss");</script>
The payloads are accepted and stored in the database exactly as submitted.
Where are they executed? On /index.php, where the stored Name and Username are rendered for whoever is logged in, so the script runs every time that page is viewed, not just once.
What does the attacker gain?
- Admin takeover: the payload runs in the administrator's browser when they open the management file /index.php, so the attacker's JavaScript executes inside the admin's session and can, for example, read the session cookie if it is not marked HttpOnly, or send requests to the application as the administrator.
- Arbitrary malicious JavaScript executing in the browser of every visitor to /index.php.
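The following is an added example, not code from the Simple-User-Management-System project. It takes the two payloads above as constructed sample database rows and shows the vulnerable output pattern that produces the behaviour described in Technical Details and in the exploitation steps, next to a hardened version: HTML output encoding on /index.php plus an allowlist check on the username at registration time. The function names, the username regex and the length limits are assumptions made for the example, not the project's own code or policy.

```php
<?php
// Added example (not code from the Simple-User-Management-System project).
// Shows the vulnerable output pattern beside a hardened one, using the two
// payloads from this advisory as constructed sample input.

// Constructed sample rows, as they would sit in the users table after the
// registration described above. Row 2 is an ordinary, legitimate user.
$users = [
    ['name' => '<script>alert("XSS Found By Maloy");</script>',
     'username' => '<script>alert("xss");</script>'],
    ['name' => "Alice O'Brien & Co", 'username' => 'alice'],
];

// VULNERABLE: stored values are echoed straight into the HTML of the page.
// The browser parses the stored <script> tag and runs it for every viewer.
function render_row_vulnerable(array $u): string
{
    return "<tr><td>{$u['name']}</td><td>{$u['username']}</td></tr>\n";
}

// HARDENED: HTML-encode on output. ENT_QUOTES | ENT_SUBSTITUTE turns
// <, >, &, " and ' into entities, so the stored text is displayed literally
// and never parsed as markup, whatever was accepted at registration time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_row_safe(array $u): string
{
    return "<tr><td>" . h($u['name']) . "</td><td>" . h($u['username']) . "</td></tr>\n";
}

// Defence in depth for register.php: reject usernames outside an allowlist
// and bound the length of both fields. The regex and limits are an assumed
// policy for this example. This does NOT replace output encoding: a display
// name legitimately contains characters like ' and &, so it must still be
// encoded when rendered.
function validate_registration(string $name, string $username): array
{
    $errors = [];
    $name = trim($name);
    $username = trim($username);
    if ($name === '' || mb_strlen($name, 'UTF-8') > 64) {
        $errors[] = 'name must be 1-64 characters';
    }
    if (!preg_match('/^[A-Za-z0-9_.-]{3,32}$/', $username)) {
        $errors[] = 'username may only contain letters, digits, _ . - (3-32 chars)';
    }
    return $errors;
}

foreach ($users as $u) {
    echo "VULNERABLE: " . render_row_vulnerable($u);
    echo "SAFE:       " . render_row_safe($u);
}

// The advisory's Username payload is rejected by the allowlist; the Name
// payload passes the length check but is neutralised by h() on output.
print_r(validate_registration(
    '<script>alert("XSS Found By Maloy");</script>',
    '<script>alert("xss");</script>'
));
```

Run it with `php example.php`: the VULNERABLE lines contain the raw `<script>` tags, the SAFE lines contain `&lt;script&gt;...` and `O&#039;Brien &amp; Co`, and the validator reports only the username error. The output-encoding fix is the one that actually closes the vulnerability; the allowlist only narrows what reaches the database. Marking the session cookie HttpOnly (for example `ini_set('session.cookie_httponly', '1');` before `session_start()`) limits what a successful payload can steal but does not prevent the injected script from acting as the logged-in user.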
Conclusion :-
The main aim of this article is to show that if any non-IT person uses this template, they will be exposed to this vulnerability and their company's reputation can be damaged too. But I also hope that it helps give you ideas of how combining attacks can make them much more potent.