Book Store Management System 1.0.0 – Stored Cross-Site Scripting (XSS)

Exploit Database
18 阅读

作者： Rajeshwar Singh

日期： 2023-03-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51123/

# Exploit Title: Book Store Management System 1.0.0 - Stored Cross-Site Scripting (XSS)
# Date: 2022-11-08
# Exploit Author: Rajeshwar Singh
# Vendor Homepage: https://www.sourcecodester.com/
# Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsms_ci.zip
# Tested on: Windows/XAMPP
###########################################################################

Payload use = "><script>alert("XSS")</script>

1. Visit URL http://localhost/bsms_ci/
2. login with admin Credentials 
3. navigate to user Management
4. Click on "Add New System User"
5. Addpayload in "Name" input field 
6. Click save.
7. Visit http://localhost/bsms_ci/index.php/user
8. XSS payload execute.

last Exploits
Book Store Management System 1.0.0 – Stored Cross-Site Scripting (XSS)的更多信息

CS-Cart 4.3.10 – XML External Entity Injection：
Boss Mini 1.4.0 – local file inclusion：
CISCO Small Business 200 / 300 / 500 Switches – Multiple Vulnerabilities：
Online Examination System Project 1.0 – Cross-site request forgery (CSRF)：
Rvsitebuilder CMS – Database Backup Download：
Viavi Real Estate – SQL Injection：
Joomla! Component com_juliaportfolio – Local File Inclusion：
Schoolhos CMS – HTML Injection：