CVE-2021-38699 PoC — Tastylgniter 跨站脚本漏洞

Source

https://github.com/HuskyHacks/CVE-2021-38699-Stored-XSS

Associated Vulnerability

Title:Tastylgniter 跨站脚本漏洞 (CVE-2021-38699)
Description:TastyIgniter是一个基于Laravel PHP Framework的免费开源在线订购软件，旨在让开发者和餐馆老板享受生活。 Tastylgniter 3.0.7存在跨站脚本漏洞，该漏洞源于软件中的/account, /reservation, /admin/dashboard, 和/admin/system_logs目录中缺少对于用户提交数据的有效验证。

Description

Stored XSS in TastyIgniter v3.0.7 Restaurtant CMS

Readme

# CVE-2021-38699: Stored XSS in TastyIgniter v3.0.7 Restaurtant CMS

Stored authenticated cross-site scripting exists in the in TastyIgniter v3.0.7 Restaurtant CMS System Logs section of the web application. 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38699

## POC

1) Execute reflective cross site scripting elsewhere in the web app (see https://github.com/HuskyHacks/CVE-2021-38699-Reflected-XSS).
2) Navigate to the System Logs section
3) XSS payload should trigger.
4) Refresh the page.
5) XSS payload should trigger.


![image](https://user-images.githubusercontent.com/57866415/129279131-a47b3334-0b92-487a-9e71-98411a2eb69b.png)
![image](https://user-images.githubusercontent.com/57866415/129279255-bc4d40ee-17d2-4c14-8a1b-7fc77be3ea2c.png)

## Discovery
 August 2021
- Matt Kiely | HuskyHacks
- Justin White (https://github.com/Justin-1993/CVE-2021-38699 & https://pentesternotes.com/?p=209)

File Snapshot


 [4.0K]  /data/pocs/2881d69ae70803045c316347591b9a0434af1e4d
└── [ 915]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!