CVE-2022-30003 The 1.0 version of Codester Online Market Place is vulnerable to XSS, allowing attackers to register as a seller and create products with XSS payloads in the Product Title and Short Description fields.

In addition, the CodeNSCodester 1.0 site was tested for a variety of security issues - including Insecure Direct Object References, Incorrect Access Control ( allowing attackers to hijack another user’s account, transfer funds, change settings, etc. If you’re using CodeNSCodester 1.0, we recommend upgrading to a newer version of the software as soon as possible.

CodeNSCodester Online Marketplace was tested on 1.0 version, which is vulnerable to Cross Site Scripting (XSS). Attackers were able to inject malicious scripts in the 'Product Title' and 'Short Description' fields, allowing them to steal data or perform other actions in the user's account. The 'Access Control' settings on CodeNSCodester Online Marketplace were also found to be insecure, which could be exploited by malicious users to access or modify the user's account.

How to stay safe while using CodeNSCodester ?

If you're using CodeNSCodester or CodeNSCodester Online Marketplace and want to stay safe, use the latest version of the software. It's available now on CodeNSCodester online marketplace.

Installation of CodeNSCodester 1.0 on Linux

The CodeNSCodester 1.0 site was tested on Linux, which is a distribution of the Unix operating system and an open source development platform. The installation instructions for Linux are found on the CodeNSCodester 1.0 website , but these instructions are not well written or organized.

A quick analysis of the code shows that the site relies on Redis as its primary data store, but does not properly check for input that comes from outside sources, such as a SQL injection attack or external shell commands (such as curl). This could allow attackers to inject malicious scripts into the 'Product Title' and 'Short Description' fields, resulting in stealing data or performing other actions in the user's account.

To install CodeNSCodester 1.0 on Linux, follow these steps:  
1) Install NodeJS using your package manager. You can use NPM or apt-get to do so:
- For Ubuntu/Debian:

Timeline

Published on: 09/26/2022 19:15:00 UTC
Last modified on: 09/28/2022 17:04:00 UTC

References

• https://www.sourcecodester.com/php/15273/online-market-place-site-phpoop-free-source-code.html
• https://packetstormsecurity.com/files/168250/omps10-xss.txt
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-30003