Budget Management System 1.0 – ‘Budget title’ Stored XSS

• Exploit Database
• 102 阅读

• 作者： Jitendra Kumar Tripathi
  日期： 2021-03-29
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/49723/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: Budget Management System 1.0 - &apos;Budget title&apos; Stored XSS # Exploit Author: Jitendra Kumar Tripathi # Vendor Homepage: https://www.sourcecodester.com/ # Software Link: https://www.sourcecodester.com/php/14403/budget-management-system.html # Version: 1 # Tested on Windows 10 + Xampp 8.0.3   XSS IMPACT: 1: Steal the cookie 2: User redirection to a malicious website   Vulnerable Parameters: Customer Details   *Steps to reproduce:* Add Budget Title Payload : <script>alert(1)</script> Reload the http://localhost/Budget%20Management%20System/index.php or update the budget , the xss will get triggered.