Cross Site Scripting - School Dormitory Management System

May 11, 2022

Product School Dormitory Management System
Product Link Link
Vulnerability Cross Site Scripting
Severity medium

Overview

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.

The ?page= parameter in the request URL indicates which page is being requested, and the navigation script uses it to highlight the matching menu entry. Its value is echoed by PHP straight into a single-quoted JavaScript string literal inside an inline <script> block, with no validation or escaping. A value containing a single quote therefore terminates the string literal, and whatever follows is parsed and executed as JavaScript in the user's browser. The ?s= parameter is echoed into the same script in exactly the same way.

The vulnerable code is in the file inc/navigation.php:

<script>
$(document).ready(function(){
    // Both GET parameters land unescaped inside single-quoted JS string literals:
    // a quote in the value closes the literal and the rest is executed as code.
    var page = '<?php echo isset($_GET['page']) ? $_GET['page'] : 'home' ?>';
    var s = '<?php echo isset($_GET['s']) ? $_GET['s'] : '' ?>';
    page = page.replace(/\//g,'_');
    console.log(page)

    // Highlight the navigation entry whose class matches the requested page.
    if($('.nav-link.nav-'+page).length > 0){
        $('.nav-link.nav-'+page).addClass('active')
        if($('.nav-link.nav-'+page).hasClass('tree-item') == true){
            $('.nav-link.nav-'+page).closest('.nav-treeview').siblings('a').addClass('active')
            $('.nav-link.nav-'+page).closest('.nav-treeview').parent().addClass('menu-open')
        }
        if($('.nav-link.nav-'+page).hasClass('nav-is-tree') == true){
            $('.nav-link.nav-'+page).parent().addClass('menu-open')
        }
    }
    $('.nav-link.active').addClass('bg-gradient-maroon')
})
</script>

Passing the value '; alert(1); ' to the ?page= parameter (URL-encoded: ?page=%27;%20alert(1);%20%27) makes PHP emit the line

    var page = ''; alert(1); '';

The first quote closes an empty string literal, alert(1) runs as a statement, and the trailing quote opens a new string literal that the template's own closing quote terminates, so the script stays syntactically valid and the injected code executes as soon as the page loads. The same payload works against ?s=. Because the value comes from the URL, this is a reflected XSS: the attacker has to get a user to open a crafted link, and the script then runs in that user's session on the application's origin.

The fix is to emit the value as a JSON-encoded JavaScript literal instead of echoing it raw, for example json_encode(isset($_GET['page']) ? $_GET['page'] : 'home', JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP), which also prevents a value containing </script> from closing the script element. Since page only selects a navigation entry, checking it against the list of known page names before use is stricter still.