CVE-2024-57522
📋 TL;DR
This vulnerability allows attackers to inject malicious scripts into username or name fields during user creation in the Packers and Movers Management System. When other users view these fields, the scripts execute in their browsers, potentially stealing session cookies or performing unauthorized actions. Organizations using SourceCodester Packers and Movers Management System v1.0 are affected.
💻 Affected Systems
- SourceCodester Packers and Movers Management System
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal administrator session cookies, gain full system control, deface the website, or redirect users to malicious sites, potentially leading to complete system compromise.
Likely Case
Attackers steal user session cookies to hijack accounts, perform unauthorized actions, or deploy phishing attacks against other users.
If Mitigated
With proper input validation and output encoding, the impact is limited to minor data integrity issues with no security consequences.
🎯 Exploit Status
Exploitation requires user creation privileges. Public proof-of-concept code is available on GitHub.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
No official patch available. Implement input validation and output encoding in Users.php. Sanitize username and name fields before processing and before displaying.
🔧 Temporary Workarounds
Input Validation and Sanitization
Add server-side validation to reject or sanitize HTML/JavaScript in username and name fields
Edit Users.php to add: htmlspecialchars($input, ENT_QUOTES, 'UTF-8') for output and filter_var($input, FILTER_SANITIZE_STRING) for input
Content Security Policy
Implement CSP headers to restrict script execution
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Or add to PHP: header("Content-Security-Policy: default-src 'self'; script-src 'self'");
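An added example, not code from the project or from this advisory, applying the two workarounds above to the username and name fields: validation on input, htmlspecialchars() on output, and the CSP header. The helper names and length limits are assumptions, and allow-list validation stands in for FILTER_SANITIZE_STRING, which is deprecated as of PHP 8.1.

```php
<?php
declare(strict_types=1);

// Added example. Helper names and length limits are assumptions;
// the real Users.php is not shown on this page.

// Input: allow-list validation for the login name (assumed policy).
function validate_username(string $raw): ?string
{
    $value = trim($raw);
    return preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $value) === 1 ? $value : null;
}

// Input: display names need spaces, punctuation and non-ASCII letters, so
// only reject empty or over-long values, control characters and invalid
// UTF-8 (preg_match with /u returns false on malformed input).
function validate_name(string $raw): ?string
{
    $value = trim($raw);
    return preg_match('/\A[^\p{Cc}]{1,100}\z/u', $value) === 1 ? $value : null;
}

// Output: encode for HTML text and quoted-attribute contexts.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample standing in for $_POST on the user-creation request.
$post = ['username' => 'jdoe', 'name' => "<script>alert('XSS')</script>"];

$username = validate_username($post['username'] ?? '');
$name     = validate_name($post['name'] ?? '');
if ($username === null || $name === null) {
    http_response_code(400);
    exit("Invalid username or name\n");
}

// Store $username and $name as validated; encode only when rendering.
// The CSP header from the workaround above is sent before any output.
header("Content-Security-Policy: default-src 'self'; script-src 'self'");
echo '<tr><td>', e($username), '</td><td>', e($name), '</td></tr>', PHP_EOL;
```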
🧯 If You Can't Patch
- Restrict user creation to trusted administrators only
- Implement web application firewall rules to block XSS payloads in username/name parameters
🔍 How to Verify
Check if Vulnerable:
Attempt to create a user with a username containing: <script>alert('XSS')</script>. If an alert appears when viewing the user list, the system is vulnerable.
Check Version:
Check system version in admin panel or readme files. Look for 'Packers and Movers Management System v1.0'
Verify Fix Applied:
After implementing the fixes, test with the same XSS payload. The script should not execute and should appear as plain text.
📡 Detection & Monitoring
Log Indicators:
- Unusual user creation events
- Username fields containing script tags or JavaScript code
- Multiple failed login attempts after user creation
Network Indicators:
- HTTP requests with script tags in POST parameters to Users.php
- Unusual outbound connections from user browsers after viewing user lists
SIEM Query:
source="web_logs" AND (uri="/Users.php" OR uri LIKE "%user%") AND (param="username" OR param="name") AND (value LIKE "%<script>%" OR value LIKE "%javascript:%")