CVE-2022-3014 An issue was found in SourceCodester Simple Task Managing System. Manipulating the argument student_add leads to cross site scripting. The vulnerability can be exploited remotely.

If there is a task in the system where the student_id argument is mandatory and there is no input validation, it could be exploited to manipulate the student_id value. For example, a task like this can be used to exploit this vulnerability - "Add new student" / "Add new course" / "Add new task" / "Add new student" / "Add new course" / "Add new task" / etc. In the first step of the process, the system receives a request with the student_add argument being manipulated. The second step is where the request is sent to the target system. By manipulating the argument student_add in the first step, an attacker can inject malicious code in the target system. The final step is executing the request. If we apply the same scenario to other systems, we can find more vulnerable systems.

HTTP Request Format

The HTTP request format is a standard for the communication between web servers and web browsers. It is an essential part of how websites operate.
HTTP requests typically consist of a path, followed by one or more parameters, followed by a terminator delimiter. This delimiter can be either an ampersand ('&') or the carriage return ('\r'). The client sends the request as encoded text to the server in the form of an HTTP request message. The server decodes it and processes it according to its specific requirements before sending a response message back to the client.
A typical HTTP request includes four parts:
The "request-line", which contains the method (with optional arguments), URL, and protocol version;
An optional status line detailing status information about the requester;
An optional header block containing headers for use in subsequent transmissions with this client; and
An optional body containing data to be processed by the server.

Timeline

Published on: 08/27/2022 09:15:00 UTC
Last modified on: 08/31/2022 19:06:00 UTC

References