
Multiple XSS in the application; request to open a CVE

Open · 3v1lC0d3 opened this issue 1 year ago · 1 comment

Hello, I've found multiple XSS vulnerabilities in the application that allow an attacker to steal the administrator session. On one hand this vulnerability represents a high risk to customers and users, since a malicious user could decrease the price of an item; on the other hand it could lead to a denial of service.

Please contact me to give you a complete report.


3v1lC0d3, Jun 25 '24 00:06

Hello @3v1lC0d3, can you share the report of the vulnerabilities here and I will fix all of these problems, or make a pull request with the fixes and I will merge them. Thank you!

kirilkirkov, Jun 26 '24 08:06

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

CVSS v3.0 vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C/CR:H/IR:H/AR:H/MAV:N/MAC:L/MPR:L/MUI:N/MS:U/MC:H/MI:H/MA:H. Severity: High (8.8)

Impact: An attacker could steal the cookie of an admin by injecting JavaScript code due to improper sanitization. Once done, it is possible to modify prices, the existence of products, and more. This could lead to a direct impact on the confidentiality and economy of the business.

This can lead to various security issues, including:

  • Stealing of session cookies
  • Defacement of web content
  • Redirection to malicious sites
  • Execution of arbitrary code in the user's browser

During the application's inspection, many XSS vulnerabilities were found. The report of those vulnerabilities is shown below. I started looking for vulnerabilities because, although there is no payment for finding vulnerabilities, I think it is really important to help others enhance their security.

An XSS (Cross-Site Scripting) vulnerability was identified in the search_title parameter of the web application. This vulnerability allows an attacker to inject arbitrary JavaScript code, which can be executed in the context of the user's browser.

Proof of Concept: The following payload was used to demonstrate the vulnerability:

`"/<script><script>alert(1)</script>/"`

http://localhost/ecomerce/admin/products?search_title=%22%2F%3Cscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%2F%22

Steps to Reproduce:

  1. Navigate to the affected URL and locate the search_title parameter.
  2. Inject the payload `"/<script><script>alert(1)</script>/"` into the search_title parameter.
  3. Upon submitting the input, a pop-up alert displaying the number 1 is shown, confirming the execution of injected JavaScript code.

In the same way a XSS (Cross-Site Scripting) vulnerability was identified in the product name parameter of the web application.

Proof of Concept: The following payload was used to demonstrate the vulnerability:

`<script>alert(document.cookie)</script>`

Steps to Reproduce:

  1. Navigate to the affected URL (http://localhost/ecomerce/vendor/add/product) and locate the product name parameter.
  2. Inject the payload into the product name.
  3. Upon submitting the input, a pop-up alert displaying the stored cookie is shown, confirming the execution of injected JavaScript code.


Similarly, the same vulnerability was identified in the name of a category parameter of the web application.

Proof of Concept: The following payload was used to demonstrate the vulnerability:

`<script>alert("category")</script>`

Steps to Reproduce:

  1. Navigate to the affected URL (http://localhost/ecomerce/admin/shopcategories) and locate the name of a category parameter.
  2. Inject the payload into the name of a category parameter.
  3. Upon submitting the input, a pop-up alert displaying the word category is shown, confirming the execution of injected JavaScript code.

This XSS was different because the JavaScript code is executed for the customer.

Recommendation: To mitigate this vulnerability, it is recommended to implement proper input validation and output encoding. Specifically:

  • Validate and sanitize all user inputs.
  • Encode output data to ensure that special characters are properly handled.
  • Utilize security libraries or frameworks that provide built-in protection against XSS.

References: https://owasp.org/www-community/attacks/xss/

3v1lC0d3, Jul 01 '24 07:07
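As an added example (not code from the Ecommerce-CodeIgniter-Bootstrap repository and not part of the reporter's write-up), the following plain PHP shows the rendering pattern the report describes beside the output-encoded form it recommends. The function names `renderSearchBoxVulnerable`, `renderSearchBoxSafe`, `e` and `renderProductRow` are my own and do not correspond to the project's code; the three payloads are taken from the report, the first decoded from its URL-encoded form.

```php
<?php
// Added example, not code from the Ecommerce-CodeIgniter-Bootstrap repository.
// Shows the reflected/stored XSS pattern from the report and the output-encoding fix.

declare(strict_types=1);

/**
 * Vulnerable pattern: a user-controlled value is concatenated straight into HTML.
 * In an attribute context the leading '"' of the search_title payload closes the
 * value, the first <script> is swallowed as a bogus attribute when the browser
 * closes the <input> tag, and the second <script> is parsed as a real script element.
 */
function renderSearchBoxVulnerable(string $searchTitle): string
{
    return '<input type="text" name="search_title" value="' . $searchTitle . '">';
}

/**
 * Hardened pattern: encode for the HTML text/attribute context at output time.
 * ENT_QUOTES encodes both " and ' so the value cannot break out of an attribute;
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
 * CodeIgniter 3 provides html_escape(), a wrapper around htmlspecialchars() with
 * ENT_QUOTES, which can be used instead of this hypothetical helper.
 */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderSearchBoxSafe(string $searchTitle): string
{
    return '<input type="text" name="search_title" value="' . e($searchTitle) . '">';
}

/**
 * Stored XSS: a product or category name saved by a vendor/admin is later shown
 * to customers, so the same encoding rule applies wherever it is rendered.
 */
function renderProductRow(string $name, float $price): string
{
    return '<tr><td>' . e($name) . '</td><td>' . e(number_format($price, 2)) . '</td></tr>';
}

// Payloads from the report (constructed input for this demo; the first one is
// decoded from the URL-encoded form in the reported search_title request).
$payloads = [
    'search_title'  => rawurldecode('%22%2F%3Cscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%2F%22'),
    'product name'  => '<script>alert(document.cookie)</script>',
    'category name' => '<script>alert("category")</script>',
];

foreach ($payloads as $field => $payload) {
    echo "== {$field} ==\n";
    echo "vulnerable: " . renderSearchBoxVulnerable($payload) . "\n";
    echo "encoded:    " . renderSearchBoxSafe($payload) . "\n";
    // Sanity check: no raw '<' or unescaped '"' survives encoding, so the payload
    // is rendered as literal text rather than parsed as markup.
    assert(strpos(e($payload), '<') === false && strpos(e($payload), '"') === false);
}

echo renderProductRow($payloads['product name'], 9.99) . "\n";
```

The point of keeping a single `e()` (or `html_escape()`) call at every output site, rather than trying to strip `<script>` from input, is that the stored product and category names in the report reach the customer through a different page than the one that accepted them; encoding at the point of rendering protects every such page regardless of where the value came from.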

@3v1lC0d3 All vulnerabilities fixed with this commit: https://github.com/kirilkirkov/Ecommerce-CodeIgniter-Bootstrap/commit/1b3da45308bb6c3f55247d0e99620b600bd85277

kirilkirkov, Jul 03 '24 17:07