Restaurant Management System 1.0 XSS / Session Hijack

Disclosure date: 10/24/19

CVE-2019-18415
CVE-2019-18416

Restaurant Management System 1.0 is affected by a stored cross-site scripting vulnerability that can be leveraged for session hijacking.  An attacker can exploit the XSS, retrieve the session cookie when an administrator views the injected content, and take over the administrator account.  The vulnerability can be exploited from both an authenticated and an unauthenticated account.

Inserting our malicious XSS into the Message field:

Our malicious XSS in sent messages:

Our handler, set up to catch the inbound session with the cookie:

Viewing the Management interface from an unauthenticated session:

Tampering with the cookie:

With the retrieved cookie, we point the browser to the Messages Management page:

Session hijacked.
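As an added illustration (not code from the advisory or from Restaurant Management System), the two controls that break this chain: HTML-encoding the Message and Last Name fields wherever they are rendered, and issuing the session cookie with HttpOnly so script running in the page cannot read it. The cookie name PHPSESSID and the sample inputs are assumptions.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample inputs (not taken from the advisory): values an attacker
# could submit to the Message and Last Name forms.
SAMPLE_MESSAGE = "<script>alert('xss')</script>"
SAMPLE_LAST_NAME = 'Smith" onmouseover="alert(1)'


def render_message_row_unsafe(message: str) -> str:
    """Vulnerable pattern: the stored field is written into the page verbatim."""
    return f"<td>{message}</td>"


def render_message_row(message: str) -> str:
    """Hardened form: encode the field for the HTML element context."""
    return f"<td>{html.escape(message, quote=True)}</td>"


def render_member_name_attr(last_name: str) -> str:
    """Attribute context (e.g. a title attribute in the Members List)."""
    return f'<span title="{html.escape(last_name, quote=True)}">member</span>'


def session_cookie_issues(set_cookie_value: str, name: str = "PHPSESSID") -> list:
    """Report missing attributes that would let injected script read, or a
    plaintext observer replay, the session cookie. Cookie name is assumed."""
    jar = SimpleCookie()
    jar.load(set_cookie_value)
    if name not in jar:
        return [f"cookie {name} not present"]
    morsel = jar[name]
    issues = []
    if not morsel["httponly"]:
        issues.append("HttpOnly missing: document.cookie exposes the session id")
    if not morsel["secure"]:
        issues.append("Secure missing: cookie is sent over plaintext HTTP")
    if not morsel["samesite"]:
        issues.append("SameSite missing: cookie rides on cross-site requests")
    return issues


def hardened_session_cookie(value: str, name: str = "PHPSESSID") -> str:
    """Build a Set-Cookie value that passes session_cookie_issues()."""
    jar = SimpleCookie()
    jar[name] = value
    jar[name]["httponly"] = True
    jar[name]["secure"] = True
    jar[name]["samesite"] = "Lax"
    jar[name]["path"] = "/"
    return jar.output(header="").strip()
```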

With an unauthenticated session, we can perform the same attack.  Inserting our malicious XSS into the Last Name field:

Our malicious XSS in Members List:

Our handler, set up to catch the inbound session with the cookie: