Lost And Found Information System 1.0 Cross Site Scripting
2024-6-13 20:52:32 Author: packetstormsecurity.com(查看原文) 阅读量:15 收藏
2024-6-13 20:52:32 Author: packetstormsecurity.com(查看原文) 阅读量:15 收藏
# Exploit Title: Stored Cross Site Scripting Exploit - Lost and Found Information System
# Exploit Author: Amit Roy (Rezur / AR0x7)
# Date: June 07, 2024
# Vendor Homepage: https://www.sourcecodester.com/php/16525/lost-and-found-information-system-using-php-and-mysql-db-source-code-free-download.html
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/php-lfis.zip
# Tested on: Kali Linux, Apache, Mysql
# Version: v1.0
# Exploit Description:
# Lost and Found Information System v1.0 suffers from a Stored Cross Site Scripting Vulnerability allowing authenticated attackers to execute javascript in context of other users including the admin
# CVE : CVE-2024-378561) Go to the User Profile page
2) Paste the XSS payload '<script>alert(document.cookie)</script>' in either of the first, last, middle name fields
3) The payload will be triggered in the context of the admin or the other users# Exploit Title: Refelcted Cross Site Scripting Exploit - Lost and Found Information System
文章来源: https://packetstormsecurity.com/files/179078/lfis10-pxss.txt
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh