CVE-2024-50969
📋 TL;DR
This is a reflected cross-site scripting (XSS) vulnerability in Jonnys Liquor 1.0: browse.php echoes the search query parameter back into the page without encoding it, so a crafted link can inject script that runs in the victim's browser. An attacker can read session cookies (unless they carry the HttpOnly flag), redirect users, or perform actions on their behalf. Anyone running Jonnys Liquor 1.0 with the vulnerable browse.php file is affected.
💻 Affected Systems
- Jonnys Liquor 1.0
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attacker lures an administrator into opening the crafted link, steals the admin session cookie (if it is not flagged HttpOnly) or drives the admin's browser to perform administrative actions, and gains full control of the application. Whether that reaches the underlying server or database depends on what the admin interface allows (file uploads, configuration changes, database tools).
Likely Case
Attacker steals ordinary users' session cookies to hijack their accounts, redirects them to phishing pages that mimic the site, or performs unauthorized actions in the context of their logged-in sessions.
If Mitigated
With output encoding applied wherever browse.php writes the search parameter into HTML (and input validation as defence in depth), the payload is rendered as literal text and never executes, so there is no impact.
🎯 Exploit Status
This is a reflected XSS, so exploitation requires getting a victim to open a crafted browse.php link carrying the payload in the search parameter (via email, chat, or a redirect from another site). The script then runs in the victim's browser with whatever session the victim holds; the payload is normally URL-encoded in the link, so it does not look like a script tag at a glance.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
No official patch exists. Encode the search parameter with htmlspecialchars() at every point where browse.php writes it into HTML output, and validate it on input (length, allowed characters) as defence in depth. Encoding at output is the control that actually stops the injection; validation alone is bypassable.
🔧 Temporary Workarounds
Input Validation and Output Encoding
Modify browse.php to validate and encode the search parameter before output.
Edit browse.php so the parameter is read safely and encoded at output: add $search = htmlspecialchars($_GET['search'] ?? '', ENT_QUOTES, 'UTF-8'); before $search is written into the page. This is correct for HTML body text and quoted attribute values; if the value is also placed inside a <script> block or an unquoted attribute, encoding alone is not enough and that output path must be rewritten.
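The following is an added example, not Jonnys Liquor's own code: it shows the vulnerable echo pattern this advisory describes next to a hardened version, with a single encoding helper used at every point where the value reaches HTML. It assumes browse.php reads the term from $_GET['search'] and echoes it into a heading and the search box; the function names are hypothetical.

```php
<?php
// Added example, not the project's own browse.php. Assumes the page echoes
// $_GET['search'] into HTML; renderResults*() and h() are hypothetical names.
declare(strict_types=1);

/** Encode a string for an HTML text node or a double-quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES: encode both quote styles; ENT_SUBSTITUTE: replace invalid UTF-8
    // instead of returning an empty string (which would silently hide output).
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Vulnerable pattern: the parameter is concatenated into HTML unencoded. */
function renderResultsVulnerable(string $search): string
{
    return '<h2>Results for: ' . $search . '</h2>' . "\n"
         . '<input type="text" name="search" value="' . $search . '">';
}

/** Hardened version: every place the value reaches HTML goes through h(). */
function renderResultsHardened(string $search): string
{
    return '<h2>Results for: ' . h($search) . '</h2>' . "\n"
         . '<input type="text" name="search" value="' . h($search) . '">';
}

// Read the parameter without raising an "Undefined index" notice when absent.
// On the CLI the first argument stands in for the query parameter.
$search = (string)($_GET['search'] ?? ($argv[1] ?? ''));

// Defence in depth: cap the length (use mb_substr so UTF-8 is not cut mid-character).
$search = mb_substr($search, 0, 100, 'UTF-8');

echo renderResultsHardened($search), "\n";
```

Run it as php browse_fix.php "<script>alert('XSS')</script>" and the angle brackets and quotes come out as entities, so a browser shows the text instead of executing it. The helper is only valid for HTML text and quoted attributes: do not reuse it for a value placed inside a <script> block, a URL, or a database query, each of which needs its own context-specific handling.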
Web Application Firewall (WAF) Rule
Deploy a WAF rule to block requests containing XSS patterns in the search parameter.
Configure the WAF to URL-decode the search query parameter of browse.php and then block values matching patterns like <script, javascript:, and event-handler attributes such as onload= or onerror=. Matching the raw, undecoded request misses percent-encoded payloads, and pattern lists of this kind are bypassable, so treat the rule as a stopgap until the output encoding is in place.
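As an added example (not from the advisory or the vendor), a ModSecurity rule pair of the kind described above; the rule ids are placeholder values in the user range, and the site is assumed to serve browse.php at its document root. The chained second rule only fires when the first matches, and its transformations decode the parameter before the pattern is applied.

```apache
# Added example: ModSecurity (v2/v3 syntax) rule for the browse.php search parameter.
# Rule ids 1000101 are placeholders; pick ids that do not clash with your rule set.
SecRule REQUEST_FILENAME "@endsWith /browse.php" \
    "id:1000101,phase:2,chain,deny,status:403,log,msg:'XSS attempt in browse.php search parameter'"
    # Decode URL and HTML-entity encoding and collapse whitespace before matching,
    # so %3Cscript%3E and <script> are caught alike.
    SecRule ARGS_GET:search "@rx (?i)(<\s*script|javascript\s*:|\bon[a-z]+\s*=|<\s*(img|svg|iframe|body)\b)" \
        "t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace"
```

Start with the rule in detection-only mode (replace deny with pass and watch the audit log) to confirm legitimate product searches do not trip it before enforcing it.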
🧯 If You Can't Patch
- Disable or restrict access to browse.php if not essential.
- Implement Content Security Policy (CSP) headers to mitigate script execution. CSP only helps here if the script-src directive omits 'unsafe-inline' (or uses nonces), which may break inline scripts the application itself relies on, so test the policy in Content-Security-Policy-Report-Only mode first.
🔍 How to Verify
Check if Vulnerable:
Test by opening browse.php?search=<script>alert('XSS')</script> in a browser (the browser will send it as browse.php?search=%3Cscript%3Ealert('XSS')%3C/script%3E) and check whether the alert fires; also view the page source to see whether the tag is reflected verbatim.
Check Version:
Check the software version in the application's documentation or configuration files; no standard command exists.
Verify Fix Applied:
After applying fixes, test with the same payload: the alert must not fire, and the page source should show the input as encoded text (&lt;script&gt; rather than <script>).
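The browser test above answers "does the alert fire"; the added script below (not part of the advisory) automates the before/after check by fetching browse.php with a harmless marker and classifying the response as raw reflection, encoded reflection, or no reflection. The target URL defaults to a localhost placeholder and must be replaced with a system you are authorised to test; the marker and function names are assumptions.

```php
<?php
// Added example: automated check for the browse.php reflection. The base URL,
// MARKER and function names are assumptions; run only against hosts you may test.
declare(strict_types=1);

// A harmless marker containing the characters the encoder must neutralise.
// No apostrophe on purpose: htmlspecialchars() encodes it differently under
// ENT_HTML401 (&#039;) and ENT_HTML5 (&apos;), which would complicate matching.
const MARKER = '<xss"check>';

/**
 * Classify a response body: 'vulnerable' if the marker is reflected verbatim,
 * 'encoded' if it appears only as entities, 'not-reflected' otherwise.
 */
function classifyReflection(string $body, string $marker = MARKER): string
{
    if (str_contains($body, $marker)) {
        return 'vulnerable';   // a browser would parse the tag
    }
    // Both default and ENT_QUOTES flags turn < " > into &lt; &quot; &gt;
    $encoded = htmlspecialchars($marker, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    if (str_contains($body, $encoded)) {
        return 'encoded';
    }
    return 'not-reflected';
}

/** Fetch a URL and return its body, or '' on transport failure. */
function fetchBody(string $url): string
{
    $ctx = stream_context_create([
        'http' => ['ignore_errors' => true, 'timeout' => 10, 'method' => 'GET'],
    ]);
    $body = @file_get_contents($url, false, $ctx);
    return $body === false ? '' : $body;
}

// Usage: php verify_browse.php http://shop.example/browse.php   (assumed URL)
$base = $argv[1] ?? 'http://localhost/browse.php';
$url  = $base . '?search=' . rawurlencode(MARKER);
printf("%s => %s\n", $url, classifyReflection(fetchBody($url)));
```

Run it before and after the change: the expected transition is from vulnerable to encoded. A result of not-reflected after the fix usually means the search term is no longer shown on the page at all, which also closes the hole but is worth confirming deliberately rather than by accident.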
📡 Detection & Monitoring
Log Indicators:
- HTTP logs showing requests to browse.php whose search parameter contains script tags, javascript: URLs or event-handler attributes, in plain or percent-encoded form (for example %3Cscript%3E); decode the query string before matching.
Network Indicators:
- The stolen data leaves from the victim's browser, not from the application server: look in proxy or egress logs for user workstations contacting unfamiliar domains immediately after a browse.php request, and for Referer headers pointing at browse.php on those connections.
SIEM Query:
source="web_logs" AND uri="*/browse.php*" AND (query="*<script*" OR query="*%3Cscript*" OR query="*javascript:*" OR query="*javascript%3A*")
The parentheses matter: without them the OR binds more loosely than the AND, and the original form of this query matched any log source containing javascript: regardless of URI.
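Where the SIEM query runs on the raw request line, the added scanner below (not part of the advisory) shows the decode-then-match logic from the log indicators above applied to combined-format access log lines: it extracts the request path, keeps only browse.php, URL-decodes the search parameter via parse_str() and then tests the decoded value. The log lines are constructed for the example; the pattern list and function name are assumptions. Requires PHP 8 for str_ends_with().

```php
<?php
// Added example: scan access-log lines for XSS payloads in browse.php?search=...
// after URL-decoding. Sample lines are constructed, not real traffic.
declare(strict_types=1);

$sampleLog = <<<'LOG'
203.0.113.5 - - [10/Jan/2025:10:00:01 +0000] "GET /browse.php?search=whiskey HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2025:10:00:07 +0000] "GET /browse.php?search=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E HTTP/1.1" 200 4390 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Jan/2025:10:01:13 +0000] "GET /browse.php?search=%22%20onmouseover%3Dalert(1)%20x%3D%22 HTTP/1.1" 200 4350 "-" "curl/8.4.0"
198.51.100.9 - - [10/Jan/2025:10:02:00 +0000] "GET /index.php?q=%3Cscript%3E HTTP/1.1" 200 1200 "-" "curl/8.4.0"
LOG;

/** Patterns applied to the DECODED parameter value (assumed list, extend as needed). */
const XSS_PATTERNS = [
    '/<\s*script/i',                   // <script, < script
    '/javascript\s*:/i',               // javascript: URLs
    '/\bon[a-z]+\s*=/i',               // event handlers: onload=, onmouseover=
    '/<\s*(img|svg|iframe|body)\b/i',  // common tag-based vectors
];

/** Return one hit per suspicious browse.php request: client IP and decoded search term. */
function findSuspiciousSearches(string $log): array
{
    $hits = [];
    foreach (explode("\n", $log) as $line) {
        // Pull the request target out of the quoted request line.
        if (!preg_match('/"(?:GET|POST) (\S+) HTTP\//', $line, $m)) {
            continue;
        }
        $url = parse_url($m[1]);
        if (!isset($url['path'], $url['query']) || !str_ends_with($url['path'], '/browse.php')) {
            continue;   // only browse.php is in scope for this CVE
        }
        parse_str($url['query'], $params);  // parse_str() percent-decodes the values
        $search = (string)($params['search'] ?? '');
        foreach (XSS_PATTERNS as $re) {
            if (preg_match($re, $search)) {
                $hits[] = ['client' => explode(' ', $line, 2)[0], 'search' => $search];
                break;
            }
        }
    }
    return $hits;
}

foreach (findSuspiciousSearches($sampleLog) as $hit) {
    printf("ALERT client=%s search=%s\n", $hit['client'], $hit['search']);
}
```

On the constructed input the first (whiskey) and last (index.php) lines are ignored and the two payload lines are reported; the attribute-breakout payload on the third line is only visible after decoding, which is exactly what a literal *<script>* match in the SIEM would miss.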