CVE-2022-37796: In the /admin_book.php script, the Title, Author, and Description parameters are vulnerable to XSS.
If the admin user is not careful about the input of these parameters, a hacker can inject malicious code into the site and steal sensitive data. To prevent this, you need to input the Title, Author, and Description of a book in a trusted way. For example, you can use the following code to display a pop-up message when an admin user enters a Title, Author, or Description:
<p>{{ $book->get('title') | quote }}</p>
<p>{{ $book->get('author') | quote }}</p>
<p>{{ $book->get('description') | quote }}</p>
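The same three fields rendered without and with output encoding, as an added PHP example that is not code from Simple Online Book Store System or from the original page. The helper names `e()`, `render_book_unsafe()` and `render_book()`, the array-shaped book record, and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: encode a value for an HTML text or quoted-attribute context.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// "Before": stored fields are echoed as-is, so any markup saved in
// Title, Author, or Description is parsed by the browser of whoever views the page.
function render_book_unsafe(array $book): string
{
    return "<tr><td>{$book['title']}</td><td>{$book['author']}</td>"
         . "<td>{$book['description']}</td></tr>";
}

// "After": every field is encoded at the point of output, regardless of
// how or by whom it was entered.
function render_book(array $book): string
{
    $cells = '';
    foreach (['title', 'author', 'description'] as $field) {
        $cells .= '<td>' . e((string) ($book[$field] ?? '')) . '</td>';
    }
    return "<tr>{$cells}</tr>";
}

// Constructed sample record (not taken from the application or the advisory).
$book = [
    'title'       => '<script>alert(1)</script>',
    'author'      => 'O\'Reilly & "Sons"',
    'description' => '<img src=x onerror=alert(1)>',
];

echo render_book_unsafe($book), PHP_EOL; // markup reaches the page unchanged
echo render_book($book), PHP_EOL;        // markup is shown as inert text
```

Encoding at output time protects every page that displays the record, including ones that read values stored before any input filtering existed.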
In Simple Online Book Store System 1.0, in /admin_book.php, there is a RedirectTo route that can be exploited to inject malicious code.
The RedirectTo route is used to change the URL that a user is sent to when they click a link. This can be used to redirect a user from one site to another site.
CVE-2041-37797
If the book is in a private library, the user needs to be authenticated before they can see it. This can be done by checking if the user has any rights to access this book with:
if ($book->has_right('read')) {
    // Authorized!
}
Security Weakness:
If an admin user enters the Title, Author, or Description of a book in a trusted way, a hacker can inject malicious code into the site and steal sensitive data. To prevent this, you need to input the Title, Author, and Description of a book in a trusted way. For example, you can use the following code to display a pop-up message when an admin user enters a Title, Author, or Description:
<p>{{ $book->get('title') | quote }}</p>
<p>{{ $book->get('author') | quote }}</p>
<p>{{ $book->get('description') | quote }}</p>
Exploitation of the RedirectTo route in Online Book Store System 1.0
The vulnerability in this application is that if a user enters the title, author, or description of a book into the input fields in the RedirectTo route, then it will be sent to the site http://localhost/admin_book.php?title=
Vulnerability Discovery: Search for Local File Inclusion
If an admin user enters a Title, Author, or Description of a book in a trusted way, a hacker can exploit the $book->get('title') | quote and $book->get('author') | quote functions to steal data. To prevent this from happening, you need to input the Title, Author, and Description of a book in a trusted way. For example, you can use the following code:
<p>{{ $book->get('title') | quote }}</p>
<p>{{ $book->get('author') | quote }}</p>
<p>{{ $book->get('description') | quote }}</p>
Scenario
Alice is an admin user who wants to change the landing page of her site by redirecting a user that clicks on a link to another site. To do this, Alice can enter an address into the RedirectTo variable in the route:
$exposure = new Route( 'redirect-to', '/some-other-site/' );
$exposure->get( 'title', 'Author', 'Description' );
Timeline
Published on: 09/12/2022 00:15:00 UTC
Last modified on: 09/15/2022 03:47:00 UTC