XSS vulnerability from Sourcecodester Interactive Map With Marker 1.0 (delete-mark.php)
CVE-2024-8151
A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/delete-mark.php. The manipulation of the argument mark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Affected Project: Interactive Map with Marker 1.0
Official Website: https://www.sourcecodester.com/php/17354/interactive-map-markers-using-php-and-mysql-source-code.html
Version: 1.0
Related Code file: delete-mark.php
Injection parameter: mark
Vulnerability Description
The mark parameter is vulnerable to the tested XSS payload: %3cIMG%20%22%22%22%3e%3cSCRIPT%3ealert(%22XSS%22)%3c%2fSCRIPT%3e%22%3e. This string is encoded and when decoded, it attempts to inject a script into the webpage:
<IMG """"><SCRIPT>alert("XSS")</SCRIPT>">
Application does not properly sanitize or validate the mark input, this script could be executed in the user’s browser, leading to an XSS attack.
Demonstration
Below is how Interactive Map with Marker looks like:
We can delete mark as such:
Intercept the delete(delete-mark.php) traffic using Burp Suite and inject the following payload:
%3cIMG%20%22%22%22%3e%3cSCRIPT%3ealert(%22XSS%22)%3c%2fSCRIPT%3e%22%3e
Payload used above is HTML encoded and decodes as <IMG """><SCRIPT>alert("XSS")</SCRIPT>">
Upon sending the modifying traffic containing XSS payload, we can verify the vulnerability: