Detronetdip E-commerce Stored Cross-Site Scripting Vulnerability
Vulnerability
A stored cross-site scripting vulnerability has been identified in Detronetdip E-commerce version 1.0.0. The issue arises from inadequate input sanitization in the 'get_safe_value' function in 'utility/function.php'. The function only passes its input through 'mysqli_real_escape_string', which escapes quotes, backslashes and a few control characters so the value can be placed inside a SQL string literal; it does nothing to HTML metacharacters such as '<', '>' and '='. Any HTML or JavaScript a seller submits in product fields such as 'product_name' or 'description' is therefore written to the database intact and, because the backend templates echo the stored values without output encoding, executed when an administrator views the product list or approves products in the backend dashboard.
Impact
Exploitation of this vulnerability allows stored cross-site scripting: the injected script runs in the browser of whoever views the affected page, here the administrator. This can lead to session hijacking, since the attacker's script can read the administrator's cookies unless they are marked HttpOnly, or to phishing, by injecting misleading content or a fake login form into the dashboard.
Reproduction
To reproduce this vulnerability, log into the application as a seller and navigate to the product management section. Submit a POST request to 'updateproduct.php' with a JavaScript payload, for example '<script>alert(document.cookie)</script>', in the 'product_name' field. The value is stored unchanged and executes when the product list is rendered in the admin dashboard.
Remediation
The fix belongs at the output, not only at the input: every value read from the database must be encoded for its HTML context, for example with 'htmlspecialchars($value, ENT_QUOTES, 'UTF-8')', at the point it is written into the admin dashboard pages. Adding 'htmlspecialchars' to 'get_safe_value' alone is a weaker mitigation, because a value that is safe for a SQL literal is not safe for HTML, and the same stored value may later be emitted into an attribute, a script block or a URL, each with its own encoding rules. Additionally, all backend PHP files should verify the user's session state before processing or displaying data.
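The following PHP is added here as an illustration and is not code from Detronetdip E-commerce. It contrasts the SQL-only escaping the advisory describes with output encoding applied where a value enters the HTML, and includes the session gate the remediation asks for. Only the names 'get_safe_value', 'product_name', 'description' and 'updateproduct.php' come from the advisory; the function bodies, the template markup and the session key 'admin_id' are assumptions.

```php
<?php
// Added example for this advisory; not code from Detronetdip E-commerce.
// Only the names get_safe_value, product_name, description and
// updateproduct.php come from the advisory. Function bodies, the template
// markup and the session key are assumptions made for illustration.
declare(strict_types=1);

// Stand-in for the sanitizer the advisory describes: it only escapes the value
// for use inside a SQL string literal. When no mysqli connection is available
// (as in this stand-alone run) addslashes() is used; for the characters that
// matter to XSS (<, >, =, /) it behaves exactly like mysqli_real_escape_string:
// it leaves them alone.
function get_safe_value_sql_only(string $value, ?mysqli $con = null): string
{
    return $con !== null ? mysqli_real_escape_string($con, $value) : addslashes($value);
}

// Output encoding for HTML text and quoted attribute contexts. ENT_QUOTES also
// encodes single quotes, ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, and the charset must match the page's charset.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Vulnerable admin list row: trusts the "safe" value stored from
// updateproduct.php and echoes it straight into the HTML.
function render_row_vulnerable(array $product): string
{
    return '<tr><td>' . $product['product_name'] . '</td>'
         . '<td>' . $product['description'] . '</td></tr>';
}

// Fixed row: each untrusted value is encoded at the point it enters the HTML.
function render_row_fixed(array $product): string
{
    return '<tr><td>' . h($product['product_name']) . '</td>'
         . '<td>' . h($product['description']) . '</td></tr>';
}

// Gate the remediation also asks for: call at the top of every backend file.
// The session key 'admin_id' is an assumption.
function require_admin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['admin_id'])) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// True when the rendered markup no longer contains a raw script tag.
function is_neutralised(string $html): bool
{
    return stripos($html, '<script') === false;
}

// Constructed payload of the kind a seller could submit as product_name. It has
// no quotes or backslashes, so SQL escaping changes nothing at all.
$payload = '<script>alert(document.cookie)</script>';
$stored  = get_safe_value_sql_only($payload);
$product = ['product_name' => $stored, 'description' => 'Plain text'];

echo 'Stored value : ', $stored, PHP_EOL;
echo 'Vulnerable   : ', render_row_vulnerable($product), PHP_EOL;  // script tag intact
echo 'Fixed        : ', render_row_fixed($product), PHP_EOL;       // &lt;script&gt; ... &lt;/script&gt;
echo 'Neutralised  : ', var_export(is_neutralised(render_row_fixed($product)), true), PHP_EOL;
```

Run it with 'php example.php': the stored value and the vulnerable row both carry the script tag unchanged, while the fixed row shows it as '&lt;script&gt;', which the browser renders as text. Note that 'h()' is only correct for HTML text and quoted attributes; a value placed inside a JavaScript block or a URL needs the encoding for that context instead.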
