Customer Support System 1.0 – Stored XSS

Exploit Database
872 阅读

作者： Geraldo Alcantara

日期： 2024-07-01
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/52057/

# Exploit Title:Customer Support System 1.0 - (XSS) Cross-Site
Scripting Vulnerability in the "subject" at "ticket_list"
# Date: 28/11/2023
# Exploit Author: Geraldo Alcantara
# Vendor Homepage:
https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html
# Software Link:
https://www.sourcecodester.com/download-code?nid=14587&title=Customer+Support+System+using+PHP%2FMySQLi+with+Source+Code
# Version: 1.0
# Tested on: Windows
# CVE : CVE-2023-49976
*Steps to reproduce:*
1- Log in to the application.
2- Visit the ticket creation/editing page.
3- Create/Edit a ticket and insert the malicious payload into the
"subject" field/parameter.
Payload: <dt/><b/><script>alert(document.domain)</script>

last Exploits
Customer Support System 1.0 – Stored XSS的更多信息

Cyclope Employee Surveillance Solution 6.0 6.1.0 6.2.0 – Multiple Vulnerabilities：
intuitive – ‘form.php’ SQL Injection：
Xivo 1.2 – Arbitrary File Download：
DBHcms 1.1.4 – ‘dbhcms_user/SearchString’ SQL Injection：
AContent 1.0 – Cross-Site Scripting / HTML Injection：
Lebi soft Ziyaretci Defteri 7.5 – Database Disclosure：
Joomla! Component Fabrik – SQL Injection：
Victor CMS 1.0 – Authenticated Arbitrary File Upload：