Hostel Management System 2.1 – Cross Site Scripting (XSS)

Exploit Database
12 阅读

作者： Chinmay Divekar

日期： 2022-01-05
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/50628/

# Exploit Title: Hostel Management System 2.1 - Cross Site Scripting (XSS)
# Date: 26/12/2021
# Exploit Author: Chinmay Vishwas Divekar
# Vendor Homepage: https://phpgurukul.com/hostel-management-system/
# Software Link: https://phpgurukul.com/hostel-management-system/
# Version: V 2.1
# Tested on: PopOS_20.10

*Steps to reproduce*

1) Open book-hostel page using following url https://localhost/hostel/book-hostel.php
2) Enter xss payload<img src=x onerror=alert(String.fromCharCode(88,83,83));> on various input fields.
3) Server Accepted our Payload in input fileds.

Affected input fields: Correspondence Address, Guardian Relation, Permanent Address

last Exploits
Hostel Management System 2.1 – Cross Site Scripting (XSS)的更多信息

AstroCMS – Multiple Vulnerabilities：
HumHub 0.11.2/0.20.0-beta.2 – SQL Injection：
Recipes Website 1.0 – SQL Injection：
FOOT Gestion – ‘id’ SQL Injection：
SenseSites CommonSense CMS – ‘id’ SQL Injection：
Belkin N150 Router 1.00.08/1.00.09 – Directory Traversal：
E-Sic Software livre CMS – ‘q’ SQL Injection：
TP-LINK TL-WR840N v5 00000005 – Cross-Site Scripting：