XSS vulnerability in Sourcecodester Daily Calories Monitoring Tool 1.0 (add-calorie.php)

CVE-2024-8141

A vulnerability was found in SourceCodester Daily Calories Monitoring Tool 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /endpoint/add-calorie.php. The manipulation of the argument calorie_date/calorie_name leads to cross site scripting. This vulnerability was named CVE-2024-8141. The attack can be initiated remotely. Furthermore, there is an exploit available.

Affected Project: Daily Calories Monitoring Tool 1.0

Official Website: https://www.sourcecodester.com/php/17445/daily-calories-monitoring-tool-using-php-and-mysql-source-code.html

Version: 1.0

Related Code file: add-calorie.php

Injection parameter: calorie_date, calorie_name

Vulnerability Description

The calorie_date and calorie_name parameters are vulnerable to the tested XSS payload: <IMG """"><SCRIPT>alert("XSS")</SCRIPT>">

Because the application does not properly sanitize or validate the input, this script is executed in the user's browser, leading to an XSS attack.

Analysis

catch (PDOException $e) {
    echo "Error:" . $e->getMessage();
}

The code catches a PDOException and directly echoes the error message using $e->getMessage(). If an attacker can manipulate the database interaction to cause an error that includes malicious script content, that content would be output directly to the user's browser.
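As an added example (not code from the Daily Calories Monitoring Tool), the following shows a hardened shape for this kind of handler: the two parameters are validated on input, every reflected value passes through an HTML encoder, and the PDO error is logged server-side instead of being echoed. The table and column names, the DSN and the credentials are assumptions, since the page does not give them.

```php
<?php
// Added example, not from the Daily Calories Monitoring Tool itself.
// Hardened handling of the calorie_name / calorie_date parameters:
// validate on the way in, encode on the way out, never echo raw exceptions.
declare(strict_types=1);

function esc(string $s): string {
    // Encode for an HTML text/attribute context; ENT_QUOTES also encodes ' and ".
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function validateCalorieInput(array $post): array {
    $name = trim((string)($post['calorie_name'] ?? ''));
    $date = trim((string)($post['calorie_date'] ?? ''));
    $errors = [];
    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'calorie_name must be 1-100 characters';
    }
    // Strict date check: must parse as Y-m-d and round-trip to the same string,
    // so a payload such as <IMG ...> in calorie_date is rejected outright.
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if ($d === false || $d->format('Y-m-d') !== $date) {
        $errors[] = 'calorie_date must be YYYY-MM-DD';
    }
    return [$errors, $name, $date];
}

[$errors, $name, $date] = validateCalorieInput($_POST);
if ($errors) {
    http_response_code(400);
    // Messages are fixed strings, but encode anyway so a later change stays safe.
    foreach ($errors as $msg) { echo '<p>' . esc($msg) . '</p>'; }
    exit;
}
try {
    // DSN, credentials and table/column names are placeholders (assumed).
    $pdo = new PDO('mysql:host=localhost;dbname=placeholder_db;charset=utf8mb4', 'user', 'pass', [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
    $stmt = $pdo->prepare('INSERT INTO calories (calorie_name, calorie_date) VALUES (:name, :date)');
    $stmt->execute([':name' => $name, ':date' => $date]);
    // Reflect the saved values only through the encoder.
    echo '<p>Saved ' . esc($name) . ' for ' . esc($date) . '</p>';
} catch (PDOException $e) {
    // Log the detail server-side; the client gets a fixed message, not $e->getMessage().
    error_log('add-calorie failed: ' . $e->getMessage());
    http_response_code(500);
    echo '<p>Could not save the entry.</p>';
}
```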

Demonstration

Below is how the Daily Calories Monitoring Tool looks:

Screenshot from 2024-08-23 21-19-50

We can add a calorie entry as follows:

Screenshot from 2024-08-23 21-24-07

Intercept the adding calorie traffic using Burp Suite:

Screenshot from 2024-08-23 21-24-16

Let's inject XSS payloads into the vulnerable parameters. The following payload is used: <IMG """>">

Screenshot from 2024-08-23 21-25-49

Upon sending the modified traffic, we can confirm the XSS vulnerability:

Screenshot from 2024-08-23 21-26-00