A cross-site scripting (XSS) vulnerability has been identified in the Web-Based Student Clearance System version 1., which allows an attacker to inject arbitrary web script or HTML into the vulnerable application, with the usual consequences of client-side script execution in a victim's browser. The vulnerability has been assigned the identifier CVE-2022-45221 and resides in the changepassword.php file.

Background

Web-Based Student Clearance System is a PHP-based application designed to manage student clearances for schools and universities. Users have the ability to change their account passwords by accessing the changepassword.php page. However, this page does not properly sanitize the input data introduced by users before processing it, resulting in the aforementioned XSS vulnerability.

Exploit Details

The vulnerability is found in the txtnew_password parameter handled by changepassword.php, which is neither validated nor encoded. An attacker can therefore submit a value in the txtnew_password field that, when it is later rendered by the application, executes arbitrary web script or HTML.

The following code snippet represents a typical example of the vulnerability:

$newpassword = $_POST['txtnew_password'];         // raw, unvalidated user input
$confirmpassword = $_POST['txtconfirm_password']; // raw, unvalidated user input

if ($newpassword == $confirmpassword) {
  ...   // the value is processed, and later rendered, without encoding
}

In the above snippet, $newpassword and $confirmpassword variables receive input from the user without proper sanitization. An attacker could potentially exploit this vulnerability by entering a malicious web script in the txtnew_password parameter, such as:

<script>alert("XSS Vulnerability Found!")</script>

When a victim user visits the changepassword.php page or submits the form containing this payload, the value is written into the page without encoding, so the browser treats it as markup and executes the attacker's script or HTML.

Mitigation

To properly address this issue, the developers of the Web-Based Student Clearance System should implement appropriate input validation and sanitization to ensure all user input is secure before processing.

For example, PHP's built-in htmlspecialchars() function converts the characters that are special in HTML (such as <, >, &, and quotes) into their corresponding HTML entities, so that injected markup is rendered by the browser as literal text rather than interpreted as a tag or script:

$newpassword = htmlspecialchars($_POST['txtnew_password'], ENT_QUOTES, 'UTF-8');
$confirmpassword = htmlspecialchars($_POST['txtconfirm_password'], ENT_QUOTES, 'UTF-8');
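As an added example (not the project's own code), the following PHP applies the htmlspecialchars() encoding where the browser actually sees the value, at output time, next to the raw-concatenation pattern that lets a submitted script tag render as markup; the username field, the helper names and the password-hashing step are assumptions about how a hardened handler would look.

```php
<?php
// Added example, not code from the Web-Based Student Clearance System:
// the write-up's htmlspecialchars() fix applied at output time, next to the
// raw-concatenation pattern that lets a submitted script tag render as markup.

// Hypothetical helper: encode any untrusted string before placing it in HTML.
function esc(string $untrusted): string
{
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable pattern: the raw value is concatenated into the page.
function renderUnencoded(string $value): string
{
    return '<p>' . $value . '</p>';
}

// Hardened handler in the style of changepassword.php. It returns the HTML
// the page would emit, so the result can be checked offline.
function handleChangePassword(array $post): string
{
    $newpassword     = $post['txtnew_password'] ?? '';
    $confirmpassword = $post['txtconfirm_password'] ?? '';

    if ($newpassword !== $confirmpassword) {
        // Fixed message: nothing user-controlled is reflected here.
        return '<p class="error">Passwords do not match.</p>';
    }

    // Store a hash, never the password; the password itself is never echoed.
    $hash = password_hash($newpassword, PASSWORD_DEFAULT);
    // ... persist $hash for the logged-in user (omitted) ...

    // Any user-supplied value that must be displayed is encoded on output.
    return '<p>Password updated for ' . esc($post['username'] ?? '') . '.</p>';
}

// Constructed input reusing the payload from the write-up (hypothetical field
// names except txtnew_password / txtconfirm_password, which are from the page).
$payload = '<script>alert("XSS Vulnerability Found!")</script>';
$post = ['username' => $payload, 'txtnew_password' => $payload, 'txtconfirm_password' => $payload];
if (strpos(renderUnencoded($payload), '<script>') === false) {
    throw new RuntimeException('expected the unencoded render to contain the tag');
}
$html = handleChangePassword($post);
if (strpos($html, '<script>') !== false || strpos($html, '&lt;script&gt;') === false) {
    throw new RuntimeException('encoding failed');
}
```

Run it with the php command-line interpreter; it throws if the hardened output still contains a raw script tag, and completes silently otherwise.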

For further information and guidance, please refer to the following official sources:

- CVE-2022-45221 MITRE Record

- NVD - CVE-2022-45221

Conclusion

The Web-Based Student Clearance System v1. has been found to contain a cross-site scripting (XSS) vulnerability (CVE-2022-45221) in the changepassword.php file. This vulnerability allows attackers to execute arbitrary web scripts or HTML through a crafted payload introduced via the txtnew_password field. Users are advised to apply proper validation and sanitization methods to mitigate the risk posed by this vulnerability.

Timeline

Published on: 11/28/2022 22:15:00 UTC
Last modified on: 11/30/2022 05:00:00 UTC