CVE-2021-43439

Nithissh
Dec 17, 2021


Remote Code Execution Vulnerability through JS injection

Discovered by Nithissh S

Vulnerable version: 1.0

Vendor Homepage:

Bug Description:

A stored XSS vulnerability exists in the add review function, which can be escalated to JS injection, which can result in remote code execution through

Steps to Produce:

1. First of all we will look into the source code

Add review function

2. The above source code doesn't validate any input data and executes the input data.

3. So, I have used a simple XSS payload and it works.

4. So, let's escalate the XSS to RCE and make use of the tool called JSshell.

What the tool does is take advantage of an XSS payload and netcat. It will generate payloads to test. We can also do this manually, using netcat and constructing an XSS payload based on the XSS payload.

5. After generating an XSS payload using JSshell, the payload looks like this

XSS payload generate for reverse shell

6. In the add review function we can enter any one of the payloads and will get the reverse shell, and we got RCE.

Got reverse shell

Impact:

An attacker who is able to exploit such a flaw is usually able to execute commands with the privileges of the programming language or the web server. In many languages he can issue system commands, write, delete or read files, or connect to databases.
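The root cause from step 2 (review text stored and written back into the page without validation or encoding) next to a hardened form, as an added example that is not the application's source or the author's code. The function names, the sample reviews and the CSP value are assumptions made for illustration.

```javascript
// Added example: hypothetical "add review" rendering, vulnerable vs. hardened.
// All names below are assumptions; the application's real code is not on the page.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored review text is concatenated into markup as-is,
// so any tag or event handler in a review runs in every visitor's browser.
function renderReviewsUnsafe(reviews) {
  return reviews.map((r) => `<li class="review">${r}</li>`).join('\n');
}

// Hardened pattern: encode at output time, whatever was accepted at input time.
function renderReviewsSafe(reviews) {
  return reviews.map((r) => `<li class="review">${escapeHtml(r)}</li>`).join('\n');
}

// Defence in depth (assumed policy): a Content-Security-Policy without
// 'unsafe-inline' stops injected inline script even if one sink is missed.
const CSP_HEADER =
  "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'";

// Regression check: true if review markup survived rendering as live HTML.
function hasLiveMarkup(html) {
  const inner = html.replace(/<\/?li\b[^>]*>/g, ''); // ignore our own wrapper
  return /<[a-z!\/]/i.test(inner);
}

// Constructed sample data: one ordinary review and two benign test strings.
const storedReviews = [
  'Great food & service',
  '<script>alert(1)</script>',
  '<img src=x onerror="alert(1)">',
];

console.log('unsafe output has live markup:', hasLiveMarkup(renderReviewsUnsafe(storedReviews)));
console.log('safe output has live markup:  ', hasLiveMarkup(renderReviewsSafe(storedReviews)));
```

`hasLiveMarkup` is only a test helper for this sample; the fix is the output encoding, with the CSP header as a second layer.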

CVE Mitre -> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43439
