PoC details: 71371a99707f0403e555c0ed9c2adb80c7eaa954

Source
Related vulnerability
Title: Toll Tax Management System security vulnerability (CVE-2024-51032)
Description: Toll Tax Management System is a toll tax management system written by the individual developer Carlo Montero. Toll Tax Management System 1.0 contains a security vulnerability: the owner parameter in manage_recipient.php is subject to cross-site scripting.
Description
A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.
Introduction
# CVE-2024-51032

## Description
A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the "owner" input field.

## Vulnerability Type
Cross Site Scripting (XSS)

## Vendor of Product
Sourcecodester

## Affected Product Code Base:
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html - 1.0

## Affected Component:
Cross Site Scripting (XSS) vulnerability in Sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the owner input field on the manage_recipient page.

## Attack Vectors:
1. Set up the application locally and log in using the default admin credentials.
2. Then go to the "user list" option, where you will see a normal user named cblake. Click on the action tab, click on edit, and generate a password for the cblake user so you can log in as cblake.
3. Then log out and log back in as user cblake with the required credentials.
4. Now go to the "recipients" field and click on the create new button.
5. Now inject the payload `"<svg onload=alert&#0000000040document.cookie)>"` in the owner input field, complete the remaining form details, and click the "save" button.
6. Now log back in as admin and go to the recipients tab. You can see the entry that cblake created, and an alert pops up which prints the session cookie of the "admin" user.
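The steps above describe a stored XSS: the value typed into the owner field is written to the database and later rendered, unencoded, into the admin's recipients page. The following PHP snippet is an added illustration and not code from the Toll Tax Management System project; the row layout, column names and the `renderOwner*` / `e` helpers are assumptions. It renders the page's own payload once the vulnerable way and once with output encoding, which is the fix for this class of bug.

```php
<?php
// Added illustration (not the project's own manage_recipient.php code):
// the stored-XSS pattern reported for the "owner" field, shown beside the
// output-encoding fix. Table layout and column names are assumptions.

declare(strict_types=1);

// Constructed sample row, as it might come back from a recipients table after
// the form submission in step 5 (the owner value is the payload from the report).
$row = [
    'id'    => 7,                                                    // constructed
    'owner' => '"<svg onload=alert&#0000000040document.cookie)>"',   // from the report
    'plate' => 'ABC-1234',                                           // constructed
];

// Vulnerable rendering: the stored value is echoed verbatim into HTML, so the
// browser parses the <svg> tag and runs its handler in the viewing admin's session.
function renderOwnerUnsafe(array $row): string
{
    return '<td>' . $row['owner'] . '</td>';
}

// Hardened rendering: encode at the point of output for the HTML context.
// ENT_QUOTES encodes both quote characters so the value is also inert inside
// attributes; ENT_SUBSTITUTE avoids silently returning '' on malformed UTF-8.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderOwnerSafe(array $row): string
{
    return '<td>' . e($row['owner']) . '</td>';
}

echo 'Unsafe: ' . renderOwnerUnsafe($row) . PHP_EOL;
echo 'Safe:   ' . renderOwnerSafe($row) . PHP_EOL;
```

Run with `php example.php` and compare the two lines: in the safe variant `<`, `>`, `"` and `&` come out as entities, so the browser displays the payload as text instead of parsing an element. Encoding on output is what closes the bug; marking the session cookie HttpOnly (`session.cookie_httponly`) only blunts the `document.cookie` demonstration in step 6 and is a complement, not a substitute.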


## Reference:
https://www.sourcecodester.com/
https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html
https://owasp.org/www-community/attacks/xss/
File snapshot

```
[4.0K] /data/pocs/71371a99707f0403e555c0ed9c2adb80c7eaa954
└── [1.6K] README.md

0 directories, 1 file
```
Cached for you by the 神龙 bot
Notes
    1. We recommend accessing the PoC through the source link first.
    2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. 神龙 has snapshotted the PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.